diff --git a/.gitignore b/.gitignore
index eee5b09..5e4ac2c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/sssd-2.2.3.tar.gz
+SOURCES/sssd-2.3.0.tar.gz
diff --git a/.sssd.metadata b/.sssd.metadata
index 3fa9e18..1dea3e7 100644
--- a/.sssd.metadata
+++ b/.sssd.metadata
@@ -1 +1 @@
-c2b457f85586750f5b22bfedd4cbca5b6f8fdb88 SOURCES/sssd-2.2.3.tar.gz
+61b8704c33ea80104fa9d94017c704e333c3c552 SOURCES/sssd-2.3.0.tar.gz
diff --git a/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch b/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch
deleted file mode 100644
index 124b9be..0000000
--- a/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b626651847e188e89a332b8ac4bfaaa5047e1b3d Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Tue, 10 Dec 2019 16:30:32 +0100
-Subject: [PATCH] INI: sssctl config-check command error messages
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In case of parsing error sssctl config-check command does not give
-proper error messages with line number. With this patch the error
-message is printed again.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4129
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/util/sss_ini.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
-index e3699805d..5d91602cd 100644
---- a/src/util/sss_ini.c
-+++ b/src/util/sss_ini.c
-@@ -865,6 +865,7 @@ int sss_ini_read_sssd_conf(struct sss_ini *self,
-
- ret = sss_ini_parse(self);
- if (ret != EOK) {
-+ sss_ini_config_print_errors(self->error_list);
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse configuration.\n");
- return ERR_INI_PARSE_FAILED;
- }
---
-2.20.1
-
diff --git a/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch b/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch
new file mode 100644
index 0000000..52ba2f4
--- /dev/null
+++ b/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch
@@ -0,0 +1,114 @@
+From a7c755672cd277497da3df4714f6d9457b6ac5ae Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 28 May 2020 15:02:43 +0200
+Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch add another update to the ndr code which was previously
+updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
+1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
+
+As missing update in ndr_pull_security_ace() cased
+a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
+added to prevent similar issues in future.
+
+Resolves: https://github.com/SSSD/sssd/issues/5183
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_gpo_ndr.c | 1 +
+ src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 58 insertions(+)
+
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index acd7b77c8..71d6d40f2 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
+ ndr->offset += pad;
+ }
+ if (ndr_flags & NDR_BUFFERS) {
++ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
+ NDR_CHECK(ndr_pull_security_ace_object_ctr
+ (ndr, NDR_BUFFERS, &r->object));
+ }
+diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
+index 97f70408a..d1f7a6915 100644
+--- a/src/tests/cmocka/test_ad_gpo.c
++++ b/src/tests/cmocka/test_ad_gpo.c
+@@ -347,6 +347,60 @@ void test_ad_gpo_ace_includes_host_sid_true(void **state)
+ group_size, ace_dom_sid, true);
+ }
+
++uint8_t test_sid_data[] = {
++0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
++0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
++0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
++0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
++0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
++0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
++0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
++0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
++0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
++0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
++0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
++0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
++0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
++};
++
++void test_ad_gpo_parse_sd(void **state)
++{
++ int ret;
++ struct security_descriptor *sd = NULL;
++
++ ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
++ assert_int_equal(ret, EINVAL);
++
++ ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
++ assert_int_equal(ret, EOK);
++ assert_non_null(sd);
++ assert_int_equal(sd->revision, 1);
++ assert_int_equal(sd->type, 39940);
++ assert_null(sd->owner_sid);
++ assert_null(sd->group_sid);
++ assert_null(sd->sacl);
++ assert_non_null(sd->dacl);
++ assert_int_equal(sd->dacl->revision, 4);
++ assert_int_equal(sd->dacl->size, 308);
++ assert_int_equal(sd->dacl->num_aces, 10);
++ assert_int_equal(sd->dacl->aces[0].type, 0);
++ assert_int_equal(sd->dacl->aces[0].flags, 0);
++ assert_int_equal(sd->dacl->aces[0].size, 36);
++ assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
++ /* There are more components and ACEs in the security_descriptor struct
++ * which are not checked here. */
++
++ talloc_free(sd);
++}
++
+ int main(int argc, const char *argv[])
+ {
+ poptContext pc;
+@@ -385,6 +439,9 @@ int main(int argc, const char *argv[])
+ cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_host_sid_true,
+ ad_gpo_test_setup,
+ ad_gpo_test_teardown),
++ cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
++ ad_gpo_test_setup,
++ ad_gpo_test_teardown),
+ };
+
+ /* Set debug level to invalid value so we can decide if -d 0 was used. */
+--
+2.21.1
+
diff --git a/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch b/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch
deleted file mode 100644
index 1eee827..0000000
--- a/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 21cb9fb28db1f2eb4ee770eb029bfe20233e4392 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 12 Dec 2019 13:10:16 +0100
-Subject: [PATCH] certmap: mention special regex characters in man page
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since some of the matching rules use regular expressions some characters
-must be escaped so that they can be used a ordinary characters in the
-rules.
-
-Related to https://pagure.io/SSSD/sssd/issue/4127
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/man/sss-certmap.5.xml | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml
-index db258d14a..10343625e 100644
---- a/src/man/sss-certmap.5.xml
-+++ b/src/man/sss-certmap.5.xml
-@@ -92,6 +92,15 @@
- <para>
- Example: <SUBJECT>.*,DC=MY,DC=DOMAIN
- </para>
-+ <para>
-+ Please note that the characters "^.[$()|*+?{\" have a
-+ special meaning in regular expressions and must be
-+ escaped with the help of the '\' character so that they
-+ are matched as ordinary characters.
-+ </para>
-+ <para>
-+ Example: <SUBJECT>^CN=.* \(Admin\),DC=MY,DC=DOMAIN$
-+ </para>
- </listitem>
- </varlistentry>
- <varlistentry>
---
-2.20.1
-
diff --git a/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch b/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch
new file mode 100644
index 0000000..9a6d266
--- /dev/null
+++ b/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch
@@ -0,0 +1,39 @@
+From 532b75c937d767caf60bb00f1a525ae7f6c70cc6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Wed, 20 May 2020 12:07:13 +0200
+Subject: [PATCH] test: avoid endian issues in network tests
+
+Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
+---
+ src/tests/cmocka/test_nss_srv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
+index 2c91d0a23..3cd7809cf 100644
+--- a/src/tests/cmocka/test_nss_srv.c
++++ b/src/tests/cmocka/test_nss_srv.c
+@@ -35,6 +35,7 @@
+ #include "util/util_sss_idmap.h"
+ #include "util/crypto/sss_crypto.h"
+ #include "util/crypto/nss/nss_util.h"
++#include "util/sss_endian.h"
+ #include "db/sysdb_private.h" /* new_subdomain() */
+ #include "db/sysdb_iphosts.h"
+ #include "db/sysdb_ipnetworks.h"
+@@ -5308,7 +5309,13 @@ struct netent test_netent = {
+ .n_name = discard_const("test_network"),
+ .n_aliases = discard_const(test_netent_aliases),
+ .n_addrtype = AF_INET,
++#if (__BYTE_ORDER == __LITTLE_ENDIAN)
+ .n_net = 0x04030201 /* 1.2.3.4 */
++#elif (__BYTE_ORDER == __BIG_ENDIAN)
++ .n_net = 0x01020304 /* 1.2.3.4 */
++#else
++ #error "unknow endianess"
++#endif
+ };
+
+ static void mock_input_netbyname(const char *name)
+--
+2.21.1
+
diff --git a/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch b/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch
deleted file mode 100644
index c0d5c51..0000000
--- a/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 580d61884b6c0a81357d8f9fa69fe69d1f017185 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 6 Dec 2019 12:29:49 +0100
-Subject: [PATCH] ldap_child: do not try PKINIT
-
-if the PKINIT plugin is installed and pkinit_identities is set in
-/etc/krb5.conf libkrb5 will try to do PKINIT although ldap_child only
-wants to authenticate with a keytab. As a result ldap_child might try to
-access a Smartcard which is either not allowed at all or might cause
-unexpected delays.
-
-To avoid this the current patch sets pkinit_identities for LDAP child
-explicitly to make the PKINIT plugin fail because if installed libkrb5
-will always use it.
-
-It turned out the setting pre-authentication options requires some
-internal flags to be set and krb5_get_init_creds_opt_alloc() must be
-used to initialize the options struct.
-
-Related to https://pagure.io/SSSD/sssd/issue/4126
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/providers/ldap/ldap_child.c | 30 ++++++++++++++++++++++--------
- 1 file changed, 22 insertions(+), 8 deletions(-)
-
-diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
-index 408d64db4..b081df90f 100644
---- a/src/providers/ldap/ldap_child.c
-+++ b/src/providers/ldap/ldap_child.c
-@@ -277,7 +277,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
- krb5_ccache ccache = NULL;
- krb5_principal kprinc;
- krb5_creds my_creds;
-- krb5_get_init_creds_opt options;
-+ krb5_get_init_creds_opt *options = NULL;
- krb5_error_code krberr;
- krb5_timestamp kdc_time_offset;
- int canonicalize = 0;
-@@ -392,19 +392,32 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
- }
-
- memset(&my_creds, 0, sizeof(my_creds));
-- memset(&options, 0, sizeof(options));
-
-- krb5_get_init_creds_opt_set_address_list(&options, NULL);
-- krb5_get_init_creds_opt_set_forwardable(&options, 0);
-- krb5_get_init_creds_opt_set_proxiable(&options, 0);
-- krb5_get_init_creds_opt_set_tkt_life(&options, lifetime);
-+ krberr = krb5_get_init_creds_opt_alloc(context, &options);
-+ if (krberr != 0) {
-+ DEBUG(SSSDBG_OP_FAILURE, "krb5_get_init_creds_opt_alloc failed.\n");
-+ goto done;
-+ }
-+
-+ krb5_get_init_creds_opt_set_address_list(options, NULL);
-+ krb5_get_init_creds_opt_set_forwardable(options, 0);
-+ krb5_get_init_creds_opt_set_proxiable(options, 0);
-+ krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
-+ krberr = krb5_get_init_creds_opt_set_pa(context, options,
-+ "X509_user_identity", "");
-+ if (krberr != 0) {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ "krb5_get_init_creds_opt_set_pa failed [%d], ignored.\n",
-+ krberr);
-+ }
-+
-
- tmp_str = getenv("KRB5_CANONICALIZE");
- if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) {
- DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n");
- canonicalize = 1;
- }
-- sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
-+ sss_krb5_get_init_creds_opt_set_canonicalize(options, canonicalize);
-
- ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s",
- DB_PATH, realm_name);
-@@ -433,7 +446,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
- }
-
- krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc,
-- keytab, 0, NULL, &options);
-+ keytab, 0, NULL, options);
- if (krberr != 0) {
- DEBUG(SSSDBG_OP_FAILURE,
- "krb5_get_init_creds_keytab() failed: %d\n", krberr);
-@@ -513,6 +526,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
- *expire_time_out = my_creds.times.endtime - kdc_time_offset;
-
- done:
-+ krb5_get_init_creds_opt_free(context, options);
- if (krberr != 0) {
- if (*_krb5_msg == NULL) {
- /* no custom error message provided hence get one from libkrb5 */
---
-2.20.1
-
diff --git a/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch b/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch
new file mode 100644
index 0000000..9934c57
--- /dev/null
+++ b/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch
@@ -0,0 +1,137 @@
+From 61f4aaa56ea876fb75c1366c938818b7799408ab Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Wed, 29 Apr 2020 16:40:36 +0200
+Subject: [PATCH] sssctl: sssctl config-check alternative config file
+
+The sssctl config-check now allows to specify alternative config
+file so it can be tested before rewriting system configuration.
+
+ sssctl config-check -c ./sssd.conf
+
+Configuration snippets are looked up in the same place under
+conf.d directory. It would be in ./conf.d/ for the example above.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5142
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/confdb/confdb.h | 6 ++--
+ src/tools/sssctl/sssctl_config.c | 56 ++++++++++++++++++++++++++++----
+ 2 files changed, 53 insertions(+), 9 deletions(-)
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index 0a5593232..a2b58e12a 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -40,8 +40,10 @@
+
+ #define CONFDB_DEFAULT_CFG_FILE_VER 2
+ #define CONFDB_FILE "config.ldb"
+-#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
+-#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/conf.d"
++#define SSSD_CONFIG_FILE_NAME "sssd.conf"
++#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
++#define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"
++#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
+ #define SSSD_MIN_ID 1
+ #define SSSD_LOCAL_MINID 1000
+ #define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh"
+diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
+index 74395b61c..de9f3de6e 100644
+--- a/src/tools/sssctl/sssctl_config.c
++++ b/src/tools/sssctl/sssctl_config.c
+@@ -34,6 +34,29 @@
+
+
+ #ifdef HAVE_LIBINI_CONFIG_V1_3
++
++static char *sssctl_config_snippet_path(TALLOC_CTX *ctx, const char *path)
++{
++ char *tmp = NULL;
++ const char delimiter = '/';
++ char *dpos = NULL;
++
++ tmp = talloc_strdup(ctx, path);
++ if (!tmp) {
++ return NULL;
++ }
++
++ dpos = strrchr(tmp, delimiter);
++ if (dpos != NULL) {
++ ++dpos;
++ *dpos = '\0';
++ } else {
++ *tmp = '\0';
++ }
++
++ return talloc_strdup_append(tmp, CONFDB_DEFAULT_CONFIG_DIR_NAME);
++}
++
+ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ struct sss_tool_ctx *tool_ctx,
+ void *pvt)
+@@ -47,8 +70,15 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ size_t num_ra_error, num_ra_success;
+ char **strs = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+-
+- ret = sss_tool_popt(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL);
++ const char *config_path = NULL;
++ const char *config_snippet_path = NULL;
++ struct poptOption long_options[] = {
++ {"config", 'c', POPT_ARG_STRING, &config_path,
++ 0, _("Specify a non-default config file"), NULL},
++ POPT_TABLEEND
++ };
++
++ ret = sss_tool_popt(cmdline, long_options, SSS_TOOL_OPT_OPTIONAL, NULL, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse command arguments\n");
+ return ret;
+@@ -62,17 +92,29 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ goto done;
+ }
+
++ if (config_path != NULL) {
++ config_snippet_path = sssctl_config_snippet_path(tmp_ctx, config_path);
++ if (config_snippet_path == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create snippet path\n");
++ ret = ENOMEM;
++ goto done;
++ }
++ } else {
++ config_path = SSSD_CONFIG_FILE;
++ config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
++ }
++
+ ret = sss_ini_read_sssd_conf(init_data,
+- SSSD_CONFIG_FILE,
+- CONFDB_DEFAULT_CONFIG_DIR);
++ config_path,
++ config_snippet_path);
+
+ if (ret == ERR_INI_OPEN_FAILED) {
+- PRINT("Failed to open %s\n", SSSD_CONFIG_FILE);
++ PRINT("Failed to open %s\n", config_path);
+ goto done;
+ }
+
+ if (!sss_ini_exists(init_data)) {
+- PRINT("File %1$s does not exist.\n", SSSD_CONFIG_FILE);
++ PRINT("File %1$s does not exist.\n", config_path);
+ }
+
+ if (ret == ERR_INI_INVALID_PERMISSION) {
+@@ -83,7 +125,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+
+ if (ret == ERR_INI_PARSE_FAILED) {
+ PRINT("Failed to load configuration from %s.\n",
+- SSSD_CONFIG_FILE);
++ config_path);
+ goto done;
+ }
+
+--
+2.21.1
+
diff --git a/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch b/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch
new file mode 100644
index 0000000..00814b7
--- /dev/null
+++ b/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch
@@ -0,0 +1,664 @@
+From 375887543daf26003ff7d900cf6a69d0c0b58523 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 27 May 2020 22:33:50 +0200
+Subject: [PATCH] DEBUG: only open child process log files when required
+
+There was no reason to keep child process log files open permanently.
+
+This patch:
+ - helps to avoid issue when SIGHUP was ignored for child process logs;
+ - somewhat reduces code duplication.
+
+Resolves: https://github.com/SSSD/sssd/issues/4667
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/providers/ad/ad_gpo.c | 17 +++--------------
+ src/providers/ad/ad_init.c | 7 -------
+ src/providers/ad/ad_machine_pw_renewal.c | 2 +-
+ src/providers/ipa/ipa_init.c | 7 -------
+ src/providers/ipa/ipa_selinux.c | 17 +----------------
+ src/providers/krb5/krb5_child_handler.c | 2 +-
+ src/providers/krb5/krb5_common.h | 1 -
+ src/providers/krb5/krb5_init_shared.c | 8 --------
+ src/providers/ldap/ldap_common.c | 3 ---
+ src/providers/ldap/ldap_common.h | 6 ------
+ src/providers/ldap/ldap_init.c | 7 -------
+ src/providers/ldap/sdap_child_helpers.c | 10 +---------
+ src/responder/pam/pamsrv.c | 1 -
+ src/responder/pam/pamsrv.h | 2 --
+ src/responder/pam/pamsrv_cmd.c | 2 +-
+ src/responder/pam/pamsrv_p11.c | 9 ++-------
+ src/responder/ssh/ssh_private.h | 1 -
+ src/responder/ssh/ssh_reply.c | 4 ++--
+ src/responder/ssh/sshsrv.c | 10 ----------
+ src/tests/cmocka/test_cert_utils.c | 12 ++++++------
+ src/util/cert.h | 2 +-
+ src/util/cert/cert_common_p11_child.c | 9 ++++-----
+ src/util/child_common.c | 21 +++++++++++++++++----
+ src/util/child_common.h | 6 ++----
+ 24 files changed, 42 insertions(+), 124 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index f17917552..bbe8d8a1e 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -99,15 +99,14 @@
+ #define GPO_CHILD SSSD_LIBEXEC_PATH"/gpo_child"
+ #endif
+
++#define GPO_CHILD_LOG_FILE "gpo_child"
++
+ /* If INI_PARSE_IGNORE_NON_KVP is not defined, use 0 (no effect) */
+ #ifndef INI_PARSE_IGNORE_NON_KVP
+ #define INI_PARSE_IGNORE_NON_KVP 0
+ #warning INI_PARSE_IGNORE_NON_KVP not defined.
+ #endif
+
+-/* fd used by the gpo_child process for logging */
+-int gpo_child_debug_fd = -1;
+-
+ /* == common data structures and declarations ============================= */
+
+ struct gp_som {
+@@ -1618,13 +1617,6 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
+ return ret;
+ }
+
+-#define GPO_CHILD_LOG_FILE "gpo_child"
+-
+-static errno_t gpo_child_init(void)
+-{
+- return child_debug_init(GPO_CHILD_LOG_FILE, &gpo_child_debug_fd);
+-}
+-
+ /*
+ * This function retrieves the raw policy_setting_value for the input key from
+ * the GPO_Result object in the sysdb cache. It then parses the raw value and
+@@ -1808,9 +1800,6 @@ ad_gpo_access_send(TALLOC_CTX *mem_ctx,
+ hash_value_t val;
+ enum gpo_map_type gpo_map_type;
+
+- /* setup logging for gpo child */
+- gpo_child_init();
+-
+ req = tevent_req_create(mem_ctx, &state, struct ad_gpo_access_state);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
+@@ -4763,7 +4752,7 @@ gpo_fork_child(struct tevent_req *req)
+ if (pid == 0) { /* child */
+ exec_child_ex(state,
+ pipefd_to_child, pipefd_from_child,
+- GPO_CHILD, gpo_child_debug_fd, NULL, false,
++ GPO_CHILD, GPO_CHILD_LOG_FILE, NULL, false,
+ STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO);
+
+ /* We should never get here */
+diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
+index 05535fcb0..704e63a06 100644
+--- a/src/providers/ad/ad_init.c
++++ b/src/providers/ad/ad_init.c
+@@ -402,13 +402,6 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx,
+
+ sdap_id_ctx->opts->sdom->pvt = ad_id_ctx;
+
+- ret = sdap_setup_child();
+- if (ret != EOK) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "sdap_setup_child() failed [%d]: %s\n",
+- ret, sss_strerror(ret));
+- return ret;
+- }
+-
+ ret = ad_init_srv_plugin(be_ctx, ad_options);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup SRV plugin [%d]: %s\n",
+diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c
+index e0db5fad5..ce9bbe6f3 100644
+--- a/src/providers/ad/ad_machine_pw_renewal.c
++++ b/src/providers/ad/ad_machine_pw_renewal.c
+@@ -185,7 +185,7 @@ ad_machine_account_password_renewal_send(TALLOC_CTX *mem_ctx,
+ child_pid = fork();
+ if (child_pid == 0) { /* child */
+ exec_child_ex(state, pipefd_to_child, pipefd_from_child,
+- renewal_data->prog_path, -1,
++ renewal_data->prog_path, NULL,
+ extra_args, true,
+ STDIN_FILENO, STDERR_FILENO);
+
+diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
+index cdfd11d7a..d8d592653 100644
+--- a/src/providers/ipa/ipa_init.c
++++ b/src/providers/ipa/ipa_init.c
+@@ -571,13 +571,6 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx,
+ return ret;
+ }
+
+- ret = sdap_setup_child();
+- if (ret != EOK) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n",
+- ret, sss_strerror(ret));
+- return ret;
+- }
+-
+ if (dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE)) {
+ ret = ipa_init_server_mode(be_ctx, ipa_options, ipa_id_ctx);
+ if (ret != EOK) {
+diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
+index 630f68ad5..9ae37b90d 100644
+--- a/src/providers/ipa/ipa_selinux.c
++++ b/src/providers/ipa/ipa_selinux.c
+@@ -51,9 +51,6 @@
+
+ #include <selinux/selinux.h>
+
+-/* fd used by the selinux_child process for logging */
+-int selinux_child_debug_fd = -1;
+-
+ static struct tevent_req *
+ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
+ struct be_ctx *be_ctx,
+@@ -565,7 +562,6 @@ struct selinux_child_state {
+ struct child_io_fds *io;
+ };
+
+-static errno_t selinux_child_init(void);
+ static errno_t selinux_child_create_buffer(struct selinux_child_state *state);
+ static errno_t selinux_fork_child(struct selinux_child_state *state);
+ static void selinux_child_step(struct tevent_req *subreq);
+@@ -602,12 +598,6 @@ static struct tevent_req *selinux_child_send(TALLOC_CTX *mem_ctx,
+ state->io->read_from_child_fd = -1;
+ talloc_set_destructor((void *) state->io, child_io_destructor);
+
+- ret = selinux_child_init();
+- if (ret != EOK) {
+- DEBUG(SSSDBG_OP_FAILURE, "Failed to init the child\n");
+- goto immediately;
+- }
+-
+ ret = selinux_child_create_buffer(state);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to create the send buffer\n");
+@@ -638,11 +628,6 @@ immediately:
+ return req;
+ }
+
+-static errno_t selinux_child_init(void)
+-{
+- return child_debug_init(SELINUX_CHILD_LOG_FILE, &selinux_child_debug_fd);
+-}
+-
+ static errno_t selinux_child_create_buffer(struct selinux_child_state *state)
+ {
+ size_t rp;
+@@ -712,7 +697,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
+
+ if (pid == 0) { /* child */
+ exec_child(state, pipefd_to_child, pipefd_from_child,
+- SELINUX_CHILD, selinux_child_debug_fd);
++ SELINUX_CHILD, SELINUX_CHILD_LOG_FILE);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
+ ret, sss_strerror(ret));
+ return ret;
+diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
+index b7fb54499..8546285b2 100644
+--- a/src/providers/krb5/krb5_child_handler.c
++++ b/src/providers/krb5/krb5_child_handler.c
+@@ -465,7 +465,7 @@ static errno_t fork_child(struct tevent_req *req)
+ if (pid == 0) { /* child */
+ exec_child_ex(state,
+ pipefd_to_child, pipefd_from_child,
+- KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd,
++ KRB5_CHILD, KRB5_CHILD_LOG_FILE,
+ krb5_child_extra_args, false,
+ STDIN_FILENO, STDOUT_FILENO);
+
+diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
+index 493d12e5f..f198e2684 100644
+--- a/src/providers/krb5/krb5_common.h
++++ b/src/providers/krb5/krb5_common.h
+@@ -124,7 +124,6 @@ struct krb5_ctx {
+ struct dp_option *opts;
+ struct krb5_service *service;
+ struct krb5_service *kpasswd_service;
+- int child_debug_fd;
+
+ sss_regexp_t *illegal_path_re;
+
+diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
+index afe15b365..ea3d32805 100644
+--- a/src/providers/krb5/krb5_init_shared.c
++++ b/src/providers/krb5/krb5_init_shared.c
+@@ -71,14 +71,6 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
+ goto done;
+ }
+
+- krb5_auth_ctx->child_debug_fd = -1; /* -1 means not initialized */
+- ret = child_debug_init(KRB5_CHILD_LOG_FILE,
+- &krb5_auth_ctx->child_debug_fd);
+- if (ret != EOK) {
+- DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n");
+- goto done;
+- }
+-
+ ret = parse_krb5_map_user(krb5_auth_ctx,
+ dp_opt_get_cstring(krb5_auth_ctx->opts,
+ KRB5_MAP_USER),
+diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
+index 9d7806a2f..2133db36f 100644
+--- a/src/providers/ldap/ldap_common.c
++++ b/src/providers/ldap/ldap_common.c
+@@ -35,9 +35,6 @@
+
+ #include "providers/ldap/sdap_idmap.h"
+
+-/* a fd the child process would log into */
+-int ldap_child_debug_fd = -1;
+-
+ errno_t ldap_id_setup_tasks(struct sdap_id_ctx *ctx)
+ {
+ return sdap_id_setup_tasks(ctx->be, ctx, ctx->opts->sdom,
+diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
+index 63ee5dd84..13e6d4871 100644
+--- a/src/providers/ldap/ldap_common.h
++++ b/src/providers/ldap/ldap_common.h
+@@ -44,9 +44,6 @@
+
+ #define LDAP_ENUM_PURGE_TIMEOUT 10800
+
+-/* a fd the child process would log into */
+-extern int ldap_child_debug_fd;
+-
+ struct sdap_id_ctx;
+
+ struct sdap_id_conn_ctx {
+@@ -342,9 +339,6 @@ sdap_ipnetwork_handler_recv(TALLOC_CTX *mem_ctx,
+ struct tevent_req *req,
+ struct dp_reply_std *data);
+
+-/* setup child logging */
+-int sdap_setup_child(void);
+-
+
+ errno_t string_to_shadowpw_days(const char *s, long *d);
+
+diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
+index 1be5d13de..de64e5985 100644
+--- a/src/providers/ldap/ldap_init.c
++++ b/src/providers/ldap/ldap_init.c
+@@ -419,13 +419,6 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx,
+ return ret;
+ }
+
+- ret = sdap_setup_child();
+- if (ret != EOK) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n",
+- ret, sss_strerror(ret));
+- return ret;
+- }
+-
+ /* Setup SRV lookup plugin */
+ ret = be_fo_set_dns_srv_lookup_plugin(be_ctx, NULL);
+ if (ret != EOK) {
+diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
+index a03d28c9c..9d25aea8b 100644
+--- a/src/providers/ldap/sdap_child_helpers.c
++++ b/src/providers/ldap/sdap_child_helpers.c
+@@ -111,7 +111,7 @@ static errno_t sdap_fork_child(struct tevent_context *ev,
+ if (pid == 0) { /* child */
+ exec_child(child,
+ pipefd_to_child, pipefd_from_child,
+- LDAP_CHILD, ldap_child_debug_fd);
++ LDAP_CHILD, LDAP_CHILD_LOG_FILE);
+
+ /* We should never get here */
+ DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec LDAP child\n");
+@@ -512,11 +512,3 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req,
+
+ return EOK;
+ }
+-
+-
+-
+-/* Setup child logging */
+-int sdap_setup_child(void)
+-{
+- return child_debug_init(LDAP_CHILD_LOG_FILE, &ldap_child_debug_fd);
+-}
+diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
+index a4c9ebbbb..dde44a472 100644
+--- a/src/responder/pam/pamsrv.c
++++ b/src/responder/pam/pamsrv.c
+@@ -277,7 +277,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+
+- pctx->p11_child_debug_fd = -1;
+ if (pctx->cert_auth) {
+ ret = p11_child_init(pctx);
+ if (ret != EOK) {
+diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
+index 24bd9764d..478d91b93 100644
+--- a/src/responder/pam/pamsrv.h
++++ b/src/responder/pam/pamsrv.h
+@@ -54,7 +54,6 @@ struct pam_ctx {
+ char **app_services;
+
+ bool cert_auth;
+- int p11_child_debug_fd;
+ char *nss_db;
+ struct sss_certmap_ctx *sss_certmap_ctx;
+ char **smartcard_services;
+@@ -110,7 +109,6 @@ void sss_cai_check_users(struct cert_auth_info **list, size_t *_cert_count,
+
+ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+- int child_debug_fd,
+ const char *nss_db,
+ time_t timeout,
+ const char *verify_opts,
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index ddde9eda2..1cd901f15 100644
+--- a/src/responder/pam/pamsrv_cmd.c
++++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1404,7 +1404,7 @@ static errno_t check_cert(TALLOC_CTX *mctx,
+ return ret;
+ }
+
+- req = pam_check_cert_send(mctx, ev, pctx->p11_child_debug_fd,
++ req = pam_check_cert_send(mctx, ev,
+ pctx->nss_db, p11_child_timeout,
+ cert_verification_opts, pctx->sss_certmap_ctx,
+ uri, pd);
+diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
+index 8e276b200..3f0afaeff 100644
+--- a/src/responder/pam/pamsrv_p11.c
++++ b/src/responder/pam/pamsrv_p11.c
+@@ -242,7 +242,7 @@ errno_t p11_child_init(struct pam_ctx *pctx)
+ return ret;
+ }
+
+- return child_debug_init(P11_CHILD_LOG_FILE, &pctx->p11_child_debug_fd);
++ return EOK;
+ }
+
+ static inline bool
+@@ -705,7 +705,6 @@ static void p11_child_timeout(struct tevent_context *ev,
+
+ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+- int child_debug_fd,
+ const char *nss_db,
+ time_t timeout,
+ const char *verify_opts,
+@@ -838,14 +837,10 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+
+- if (child_debug_fd == -1) {
+- child_debug_fd = STDERR_FILENO;
+- }
+-
+ child_pid = fork();
+ if (child_pid == 0) { /* child */
+ exec_child_ex(state, pipefd_to_child, pipefd_from_child,
+- P11_CHILD_PATH, child_debug_fd, extra_args, false,
++ P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
+ STDIN_FILENO, STDOUT_FILENO);
+
+ /* We should never get here */
+diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h
+index 028ccd616..5aa7e37d6 100644
+--- a/src/responder/ssh/ssh_private.h
++++ b/src/responder/ssh/ssh_private.h
+@@ -36,7 +36,6 @@ struct ssh_ctx {
+ char *ca_db;
+ bool use_cert_keys;
+
+- int p11_child_debug_fd;
+ time_t certmap_last_read;
+ struct sss_certmap_ctx *sss_certmap_ctx;
+ char **cert_rules;
+diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
+index 97914266d..edeb28765 100644
+--- a/src/responder/ssh/ssh_reply.c
++++ b/src/responder/ssh/ssh_reply.c
+@@ -249,7 +249,7 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx,
+ : state->user_cert_override;
+
+ subreq = cert_to_ssh_key_send(state, state->ev,
+- state->ssh_ctx->p11_child_debug_fd,
++ P11_CHILD_LOG_FILE,
+ state->p11_child_timeout,
+ state->ssh_ctx->ca_db,
+ state->ssh_ctx->sss_certmap_ctx,
+@@ -335,7 +335,7 @@ void ssh_get_output_keys_done(struct tevent_req *subreq)
+ goto done;
+ }
+
+- subreq = cert_to_ssh_key_send(state, state->ev, -1,
++ subreq = cert_to_ssh_key_send(state, state->ev, NULL,
+ state->p11_child_timeout,
+ state->ssh_ctx->ca_db,
+ state->ssh_ctx->sss_certmap_ctx,
+diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
+index 7765e91b8..6072a702c 100644
+--- a/src/responder/ssh/sshsrv.c
++++ b/src/responder/ssh/sshsrv.c
+@@ -126,16 +126,6 @@ int ssh_process_init(TALLOC_CTX *mem_ctx,
+ goto fail;
+ }
+
+- ssh_ctx->p11_child_debug_fd = -1;
+- if (ssh_ctx->use_cert_keys) {
+- ret = child_debug_init(P11_CHILD_LOG_FILE,
+- &ssh_ctx->p11_child_debug_fd);
+- if (ret != EOK) {
+- DEBUG(SSSDBG_FATAL_FAILURE,
+- "Failed to setup p11_child logging, ignored.\n");
+- }
+- }
+-
+ ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
+diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
+index 848ed1a8d..1ff20576a 100644
+--- a/src/tests/cmocka/test_cert_utils.c
++++ b/src/tests/cmocka/test_cert_utils.c
+@@ -391,7 +391,7 @@ void test_cert_to_ssh_key_send(void **state)
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -465,7 +465,7 @@ void test_cert_to_ssh_2keys_send(void **state)
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -548,7 +548,7 @@ void test_cert_to_ssh_2keys_invalid_send(void **state)
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -614,7 +614,7 @@ void test_ec_cert_to_ssh_key_send(void **state)
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+ "sql:" ABS_BUILD_DIR "/src/tests/test_ECC_CA/p11_ecc_nssdb",
+ #else
+@@ -691,7 +691,7 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state)
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -769,7 +769,7 @@ void test_cert_to_ssh_2keys_with_certmap_2_send(void **state)
+ ev = tevent_context_init(ts);
+ assert_non_null(ev);
+
+- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+diff --git a/src/util/cert.h b/src/util/cert.h
+index d038a99f6..16dda37b3 100644
+--- a/src/util/cert.h
++++ b/src/util/cert.h
+@@ -57,7 +57,7 @@ errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
+
+ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+- int child_debug_fd, time_t timeout,
++ const char *logfile, time_t timeout,
+ const char *ca_db,
+ struct sss_certmap_ctx *sss_certmap_ctx,
+ size_t cert_count,
+diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c
+index 1846ff89a..18a331f23 100644
+--- a/src/util/cert/cert_common_p11_child.c
++++ b/src/util/cert/cert_common_p11_child.c
+@@ -24,7 +24,7 @@
+
+ struct cert_to_ssh_key_state {
+ struct tevent_context *ev;
+- int child_debug_fd;
++ const char *logfile;
+ time_t timeout;
+ const char **extra_args;
+ const char **certs;
+@@ -45,7 +45,7 @@ static void cert_to_ssh_key_done(int child_status,
+
+ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+- int child_debug_fd, time_t timeout,
++ const char *logfile, time_t timeout,
+ const char *ca_db,
+ struct sss_certmap_ctx *sss_certmap_ctx,
+ size_t cert_count,
+@@ -70,8 +70,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
+ }
+
+ state->ev = ev;
+- state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO
+- : child_debug_fd;
++ state->logfile = logfile;
+ state->timeout = timeout;
+ state->io = talloc(state, struct child_io_fds);
+ if (state->io == NULL) {
+@@ -205,7 +204,7 @@ static errno_t cert_to_ssh_key_step(struct tevent_req *req)
+ child_pid = fork();
+ if (child_pid == 0) { /* child */
+ exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
+- state->child_debug_fd, state->extra_args, false,
++ state->logfile, state->extra_args, false,
+ STDIN_FILENO, STDOUT_FILENO);
+ /* We should never get here */
+ DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
+diff --git a/src/util/child_common.c b/src/util/child_common.c
+index 3a07580c2..5cac725ca 100644
+--- a/src/util/child_common.c
++++ b/src/util/child_common.c
+@@ -47,6 +47,8 @@ struct sss_child_ctx {
+ struct sss_sigchild_ctx *sigchld_ctx;
+ };
+
++static errno_t child_debug_init(const char *logfile, int *debug_fd);
++
+ static void sss_child_handler(struct tevent_context *ev,
+ struct tevent_signal *se,
+ int signum,
+@@ -725,13 +727,24 @@ fail:
+
+ void exec_child_ex(TALLOC_CTX *mem_ctx,
+ int *pipefd_to_child, int *pipefd_from_child,
+- const char *binary, int debug_fd,
++ const char *binary, const char *logfile,
+ const char *extra_argv[], bool extra_args_only,
+ int child_in_fd, int child_out_fd)
+ {
+ int ret;
+ errno_t err;
+ char **argv;
++ int debug_fd = -1;
++
++ if (logfile) {
++ ret = child_debug_init(logfile, &debug_fd);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "child_debug_init() failed.\n");
++ exit(EXIT_FAILURE);
++ }
++ } else {
++ debug_fd = STDERR_FILENO;
++ }
+
+ close(pipefd_to_child[1]);
+ ret = dup2(pipefd_to_child[0], child_in_fd);
+@@ -767,10 +780,10 @@ void exec_child_ex(TALLOC_CTX *mem_ctx,
+
+ void exec_child(TALLOC_CTX *mem_ctx,
+ int *pipefd_to_child, int *pipefd_from_child,
+- const char *binary, int debug_fd)
++ const char *binary, const char *logfile)
+ {
+ exec_child_ex(mem_ctx, pipefd_to_child, pipefd_from_child,
+- binary, debug_fd, NULL, false,
++ binary, logfile, NULL, false,
+ STDIN_FILENO, STDOUT_FILENO);
+ }
+
+@@ -803,7 +816,7 @@ int child_io_destructor(void *ptr)
+ return EOK;
+ }
+
+-errno_t child_debug_init(const char *logfile, int *debug_fd)
++static errno_t child_debug_init(const char *logfile, int *debug_fd)
+ {
+ int ret;
+ FILE *debug_filep;
+diff --git a/src/util/child_common.h b/src/util/child_common.h
+index 37116e2a7..92d66a500 100644
+--- a/src/util/child_common.h
++++ b/src/util/child_common.h
+@@ -106,7 +106,7 @@ void fd_nonblocking(int fd);
+ /* Never returns EOK, ether returns an error, or doesn't return on success */
+ void exec_child_ex(TALLOC_CTX *mem_ctx,
+ int *pipefd_to_child, int *pipefd_from_child,
+- const char *binary, int debug_fd,
++ const char *binary, const char *logfile,
+ const char *extra_argv[], bool extra_args_only,
+ int child_in_fd, int child_out_fd);
+
+@@ -115,10 +115,8 @@ void exec_child_ex(TALLOC_CTX *mem_ctx,
+ */
+ void exec_child(TALLOC_CTX *mem_ctx,
+ int *pipefd_to_child, int *pipefd_from_child,
+- const char *binary, int debug_fd);
++ const char *binary, const char *logfile);
+
+ int child_io_destructor(void *ptr);
+
+-errno_t child_debug_init(const char *logfile, int *debug_fd);
+-
+ #endif /* __CHILD_COMMON_H__ */
+--
+2.21.3
+
diff --git a/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch b/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch
deleted file mode 100644
index 55e38db..0000000
--- a/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 2c13d8bd00f1e8ff30e9fc81f183f6450303ac30 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 11 Dec 2019 18:42:49 +0100
-Subject: [PATCH] util/watchdog: fixed watchdog implementation
-
-In case watchdog detected locked process and this process was parent
-process it just sent SIGTERM to the whole group of processes, including
-itself.
-This handling was wrong: generic `server_setup()` installs custom
-libtevent handler for SIGTERM signal so this signal is only processed
-in the context of tevent mainloop. But if tevent mainloop is stuck
-(exactly the case that triggers WD) then event is not processed
-and this made watchdog useless.
-`watchdog_handler()` and `watchdog_detect_timeshift()` were amended to do
-unconditional `_exit()` after optionally sending a signal to the group.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4089
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/util/util_watchdog.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c
-index a07275b19..38c248271 100644
---- a/src/util/util_watchdog.c
-+++ b/src/util/util_watchdog.c
-@@ -54,9 +54,8 @@ static void watchdog_detect_timeshift(void)
- if (write(watchdog_ctx.pipefd[1], "1", 1) != 1) {
- if (getpid() == getpgrp()) {
- kill(-getpgrp(), SIGTERM);
-- } else {
-- _exit(1);
- }
-+ _exit(1);
- }
- }
- }
-@@ -75,9 +74,8 @@ static void watchdog_handler(int sig)
- if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) {
- if (getpid() == getpgrp()) {
- kill(-getpgrp(), SIGTERM);
-- } else {
-- _exit(1);
- }
-+ _exit(1);
- }
- }
-
---
-2.20.1
-
diff --git a/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch b/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
new file mode 100644
index 0000000..f1dc851
--- /dev/null
+++ b/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
@@ -0,0 +1,64 @@
+From e58853f9ce63fae0c8b219b79be65c760a2f3e7e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 5 Jun 2020 13:57:59 +0200
+Subject: [PATCH] DEBUG: use new exec_child(_ex) interface in tests
+
+Resolves: https://github.com/SSSD/sssd/issues/4667
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/tests/cmocka/test_child_common.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c
+index 5cf460b50..87cae3405 100644
+--- a/src/tests/cmocka/test_child_common.c
++++ b/src/tests/cmocka/test_child_common.c
+@@ -97,7 +97,7 @@ void test_exec_child(void **state)
+ exec_child(child_tctx,
+ child_tctx->pipefd_to_child,
+ child_tctx->pipefd_from_child,
+- CHILD_DIR"/"TEST_BIN, 2);
++ CHILD_DIR"/"TEST_BIN, NULL);
+ } else {
+ do {
+ errno = 0;
+@@ -168,7 +168,7 @@ static void extra_args_test(struct child_test_ctx *child_tctx,
+ exec_child_ex(child_tctx,
+ child_tctx->pipefd_to_child,
+ child_tctx->pipefd_from_child,
+- CHILD_DIR"/"TEST_BIN, 2, extra_args,
++ CHILD_DIR"/"TEST_BIN, NULL, extra_args,
+ extra_args_only,
+ STDIN_FILENO, STDOUT_FILENO);
+ } else {
+@@ -291,7 +291,7 @@ void test_exec_child_handler(void **state)
+ exec_child(child_tctx,
+ child_tctx->pipefd_to_child,
+ child_tctx->pipefd_from_child,
+- CHILD_DIR"/"TEST_BIN, 2);
++ CHILD_DIR"/"TEST_BIN, NULL);
+ }
+
+ ret = child_handler_setup(child_tctx->test_ctx->ev, child_pid,
+@@ -341,7 +341,7 @@ void test_exec_child_echo(void **state)
+ exec_child_ex(child_tctx,
+ child_tctx->pipefd_to_child,
+ child_tctx->pipefd_from_child,
+- CHILD_DIR"/"TEST_BIN, 2, NULL, false,
++ CHILD_DIR"/"TEST_BIN, NULL, NULL, false,
+ STDIN_FILENO, 3);
+ }
+
+@@ -474,7 +474,7 @@ void test_sss_child(void **state)
+ exec_child(child_tctx,
+ child_tctx->pipefd_to_child,
+ child_tctx->pipefd_from_child,
+- CHILD_DIR"/"TEST_BIN, 2);
++ CHILD_DIR"/"TEST_BIN, NULL);
+ }
+
+ ret = sss_child_register(child_tctx, sc_ctx,
+--
+2.21.3
+
diff --git a/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch b/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch
deleted file mode 100644
index 3f7e620..0000000
--- a/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 1d4a7ffdcf8b303a40058db49d5e1be4bfb8271a Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 9 Dec 2019 17:20:28 +0100
-Subject: [PATCH 5/7] providers/krb5: got rid of unused code
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/providers/krb5/krb5_common.c | 10 ----------
- src/providers/krb5/krb5_common.h | 7 -------
- 2 files changed, 17 deletions(-)
-
-diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
-index bfda561c1..5c11c347b 100644
---- a/src/providers/krb5/krb5_common.c
-+++ b/src/providers/krb5/krb5_common.c
-@@ -1133,16 +1133,6 @@ void remove_krb5_info_files_callback(void *pvt)
- talloc_free(ctx);
- }
-
--void krb5_finalize(struct tevent_context *ev,
-- struct tevent_signal *se,
-- int signum,
-- int count,
-- void *siginfo,
-- void *private_data)
--{
-- orderly_shutdown(0);
--}
--
- errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
- struct sss_domain_info *dom, const char *username,
- const char *user_dom, char **_upn)
-diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
-index cc9313115..493d12e5f 100644
---- a/src/providers/krb5/krb5_common.h
-+++ b/src/providers/krb5/krb5_common.h
-@@ -196,13 +196,6 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
-
- void remove_krb5_info_files_callback(void *pvt);
-
--void krb5_finalize(struct tevent_context *ev,
-- struct tevent_signal *se,
-- int signum,
-- int count,
-- void *siginfo,
-- void *private_data);
--
- errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
-
- errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
---
-2.20.1
-
diff --git a/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch b/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
new file mode 100644
index 0000000..fb1911d
--- /dev/null
+++ b/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
@@ -0,0 +1,60 @@
+From 88e92967a7b4e3e4501b17f21812467effa331c7 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 16 Jun 2020 13:51:28 +0200
+Subject: [PATCH] NEGCACHE: skip permanent entries in [users/groups] reset
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Files provider calling `sss_ncache_reset_[users/groups]()`
+during cache rebuilding was breaking neg-cache prepopulation.
+
+Resolves: https://github.com/SSSD/sssd/issues/1024
+
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/responder/common/negcache.c | 9 +++++++++
+ src/responder/common/negcache.h | 1 +
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
+index d9545aef6..ce1c0ab8c 100644
+--- a/src/responder/common/negcache.c
++++ b/src/responder/common/negcache.c
+@@ -900,12 +900,21 @@ static int delete_prefix(struct tdb_context *tdb,
+ TDB_DATA key, TDB_DATA data, void *state)
+ {
+ const char *prefix = (const char *) state;
++ unsigned long long int timestamp;
++ char *ep = NULL;
+
+ if (strncmp((char *)key.dptr, prefix, strlen(prefix) - 1) != 0) {
+ /* not interested in this key */
+ return 0;
+ }
+
++ errno = 0;
++ timestamp = strtoull((const char *)data.dptr, &ep, 10);
++ if ((errno == 0) && (*ep == '\0') && (timestamp == 0)) {
++ /* skip permanent entries */
++ return 0;
++ }
++
+ return tdb_delete(tdb, key);
+ }
+
+diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
+index a80412215..4dcfb5e8f 100644
+--- a/src/responder/common/negcache.h
++++ b/src/responder/common/negcache.h
+@@ -146,6 +146,7 @@ int sss_ncache_set_locate_uid(struct sss_nc_ctx *ctx,
+ uid_t uid);
+
+ int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
++/* sss_ncache_reset_[users/groups] skips permanent entries */
+ int sss_ncache_reset_users(struct sss_nc_ctx *ctx);
+ int sss_ncache_reset_groups(struct sss_nc_ctx *ctx);
+
+--
+2.21.3
+
diff --git a/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch b/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch
deleted file mode 100644
index a8205b7..0000000
--- a/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From e41e9b37e4d3fcd8544fb6c591dafbaef0954438 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 9 Dec 2019 17:48:14 +0100
-Subject: [PATCH 6/7] data_provider_be: got rid of duplicating SIGTERM handler
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It was wrong to install two libtevent SIGTERM handlers both of which did
-orderly_shutdown()->exit(). Naturally only one of the handlers was executed
-(as process was terminated with exit()) and libtevent docs doesn't say
-anything about order of execution. But chances are, be_process_finalize()
-was executed first so default_quit() was not executed and main_ctx was not
-freed.
-
-Moreover there is just no reason to have separate be_process_finalize()
-at all: default server handler default_quit() frees main_ctx. And be_ctx
-is linked to main_ctx so will be freed by default handler as well.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4088
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/providers/data_provider_be.c | 37 --------------------------------
- 1 file changed, 37 deletions(-)
-
-diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
-index cfcf0268d..ce00231ff 100644
---- a/src/providers/data_provider_be.c
-+++ b/src/providers/data_provider_be.c
-@@ -445,36 +445,6 @@ be_register_monitor_iface(struct sbus_connection *conn, struct be_ctx *be_ctx)
- return sbus_connection_add_path_map(be_ctx->mon_conn, paths);
- }
-
--static void be_process_finalize(struct tevent_context *ev,
-- struct tevent_signal *se,
-- int signum,
-- int count,
-- void *siginfo,
-- void *private_data)
--{
-- struct be_ctx *be_ctx;
--
-- be_ctx = talloc_get_type(private_data, struct be_ctx);
-- talloc_free(be_ctx);
-- orderly_shutdown(0);
--}
--
--static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx)
--{
-- struct tevent_signal *sige;
--
-- BlockSignals(false, SIGTERM);
--
-- sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, SA_SIGINFO,
-- be_process_finalize, be_ctx);
-- if (sige == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
-- return ENOMEM;
-- }
--
-- return EOK;
--}
--
- static void dp_initialized(struct tevent_req *req);
-
- errno_t be_process_init(TALLOC_CTX *mem_ctx,
-@@ -566,13 +536,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- /* Install signal handler */
-- ret = be_process_install_sigterm_handler(be_ctx);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "be_install_sigterm_handler failed.\n");
-- goto done;
-- }
--
- req = dp_init_send(be_ctx, be_ctx->ev, be_ctx, be_ctx->uid, be_ctx->gid);
- if (req == NULL) {
- ret = ENOMEM;
---
-2.20.1
-
diff --git a/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch b/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch
new file mode 100644
index 0000000..442552a
--- /dev/null
+++ b/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch
@@ -0,0 +1,46 @@
+From 144e78dfebc0fd01feb6c11a37f81d01146cf33a Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 12 Jun 2020 19:10:33 +0200
+Subject: [PATCH] util/inotify: fixed CLANG_WARNING
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixed following warning:
+```
+sssd-2.3.1/src/util/inotify.c:346:17: warning: Value stored to 'ret' is never read
+ # ret = EOK;
+ # ^ ~~~
+```
+
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/util/inotify.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/inotify.c b/src/util/inotify.c
+index ffc15ad4d..cf3e3d84d 100644
+--- a/src/util/inotify.c
++++ b/src/util/inotify.c
+@@ -319,7 +319,9 @@ static void snotify_internal_cb(struct tevent_context *ev,
+
+ in_event = (const struct inotify_event *) ptr;
+
+- //debug_flags(in_event->mask, in_event->name);
++#if 0
++ debug_flags(in_event->mask, in_event->name);
++#endif
+
+ if (snctx->wctx->dir_wd == in_event->wd) {
+ ret = process_dir_event(snctx, in_event);
+@@ -343,7 +345,6 @@ static void snotify_internal_cb(struct tevent_context *ev,
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Unknown watch %d\n", in_event->wd);
+- ret = EOK;
+ }
+ }
+ }
+--
+2.21.3
+
diff --git a/SOURCES/0007-util-server-improved-debug-at-shutdown.patch b/SOURCES/0007-util-server-improved-debug-at-shutdown.patch
deleted file mode 100644
index 727d7cc..0000000
--- a/SOURCES/0007-util-server-improved-debug-at-shutdown.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 3f52de891cba55230730602d41c3811cf1b17d96 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 9 Dec 2019 18:26:56 +0100
-Subject: [PATCH 7/7] util/server: improved debug at shutdown
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Relates: https://pagure.io/SSSD/sssd/issue/4088
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/util/server.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/server.c b/src/util/server.c
-index ee57ac128..33524066e 100644
---- a/src/util/server.c
-+++ b/src/util/server.c
-@@ -242,7 +242,8 @@ void orderly_shutdown(int status)
- kill(-getpgrp(), SIGTERM);
- }
- #endif
-- if (status == 0) sss_log(SSS_LOG_INFO, "Shutting down");
-+ DEBUG(SSSDBG_IMPORTANT_INFO, "Shutting down (status = %d)", status);
-+ sss_log(SSS_LOG_INFO, "Shutting down (status = %d)", status);
- exit(status);
- }
-
---
-2.20.1
-
diff --git a/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch b/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
new file mode 100644
index 0000000..6ff905e
--- /dev/null
+++ b/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
@@ -0,0 +1,97 @@
+From 0c5711f9bae1cb46d4cd3fbe5d86d8688087be13 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 12 Jun 2020 20:45:23 +0200
+Subject: [PATCH] util/inotify: fixed bug in inotify event processing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error was spotted with the help of the following warning:
+```
+Error: CLANG_WARNING:
+sssd-2.3.1/src/util/inotify.c:327:21: warning: Value stored to 'rewatch' is never read
+ # rewatch = true;
+ # ^ ~~~~
+```
+
+First part of the issue was that EAGAIN returned by the process_dir_event()
+didn't trigger snotify_rewatch() (as suggested by the comments).
+Fixing this part is already enough to resolve issue #1031 (as it was
+reported).
+
+Another part of the issue was that process_file_event() return code wasn't
+checked against EAGAIN (again, as suggested by the DEBUG message).
+Strictly speaking, I'm not sure if this part is really required or
+if processing DIR events would cover all cases, but rebuilding watches
+on IN_IGNORED won't hurt.
+
+Resolves: https://github.com/SSSD/sssd/issues/1031
+
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/util/inotify.c | 30 +++++++++++++-----------------
+ 1 file changed, 13 insertions(+), 17 deletions(-)
+
+diff --git a/src/util/inotify.c b/src/util/inotify.c
+index cf3e3d84d..a3c33eddb 100644
+--- a/src/util/inotify.c
++++ b/src/util/inotify.c
+@@ -286,7 +286,7 @@ static void snotify_internal_cb(struct tevent_context *ev,
+ struct snotify_ctx *snctx;
+ ssize_t len;
+ errno_t ret;
+- bool rewatch;
++ bool rewatch = false;
+
+ snctx = talloc_get_type(data, struct snotify_ctx);
+ if (snctx == NULL) {
+@@ -305,7 +305,7 @@ static void snotify_internal_cb(struct tevent_context *ev,
+ } else {
+ DEBUG(SSSDBG_TRACE_INTERNAL, "All inotify events processed\n");
+ }
+- return;
++ break;
+ }
+
+ if ((size_t) len < sizeof(struct inotify_event)) {
+@@ -325,26 +325,22 @@ static void snotify_internal_cb(struct tevent_context *ev,
+
+ if (snctx->wctx->dir_wd == in_event->wd) {
+ ret = process_dir_event(snctx, in_event);
+- if (ret == EAGAIN) {
+- rewatch = true;
+- /* Continue with the loop and read all the events from
+- * this descriptor first, then rewatch when done
+- */
+- } else if (ret != EOK) {
+- DEBUG(SSSDBG_MINOR_FAILURE,
+- "Failed to process inotify event\n");
+- continue;
+- }
+ } else if (snctx->wctx->file_wd == in_event->wd) {
+ ret = process_file_event(snctx, in_event);
+- if (ret != EOK) {
+- DEBUG(SSSDBG_MINOR_FAILURE,
+- "Failed to process inotify event\n");
+- continue;
+- }
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Unknown watch %d\n", in_event->wd);
++ ret = EOK;
++ }
++
++ if (ret == EAGAIN) {
++ rewatch = true;
++ /* Continue with the loop and read all the events from
++ * this descriptor first, then rewatch when done
++ */
++ } else if (ret != EOK) {
++ DEBUG(SSSDBG_MINOR_FAILURE,
++ "Failed to process inotify event\n");
+ }
+ }
+ }
+--
+2.21.3
+
diff --git a/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch b/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch
deleted file mode 100644
index 4370350..0000000
--- a/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 26e33b1984cce3549df170f58f8221201ad54cfd Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 7 Jan 2020 16:29:05 +0100
-Subject: [PATCH] util/sss_ptr_hash: fixed double free in
- sss_ptr_hash_delete_cb()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Calling data->callback(value->ptr) in sss_ptr_hash_delete_cb() could lead
-to freeing of value->ptr and thus to destruction of value->spy that is
-attached to value->ptr.
-In turn sss_ptr_hash_spy_destructor() calls sss_ptr_hash_delete() ->
-hash_delete() -> sss_ptr_hash_delete_cb() again and in this recursive
-execution hash entry was actually deleted and value was freed.
-When stack was unwound back to "first" sss_ptr_hash_delete_cb() it tried
-to free value again => double free.
-
-To prevent this bug value and hence spy are now freed before execution of
-data->callback(value->ptr).
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4135
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index c7403ffa6..8f9762cb9 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -154,13 +154,13 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
- callback_entry.value.type = HASH_VALUE_PTR;
- callback_entry.value.ptr = value->ptr;
-
-+ /* Free value, this also will disable spy */
-+ talloc_free(value);
-+
- /* Switch to the input value and call custom callback. */
- if (data->callback != NULL) {
- data->callback(&callback_entry, deltype, data->pvt);
- }
--
-- /* Free value. */
-- talloc_free(value);
- }
-
- hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
---
-2.20.1
-
diff --git a/SOURCES/0009-Replaced-enter-with-insert.patch b/SOURCES/0009-Replaced-enter-with-insert.patch
new file mode 100644
index 0000000..400d261
--- /dev/null
+++ b/SOURCES/0009-Replaced-enter-with-insert.patch
@@ -0,0 +1,46 @@
+From 02fbf47a85228c131f1b0575da091a01da700189 Mon Sep 17 00:00:00 2001
+From: vinay mishra <vmishra@redhat.com>
+Date: Mon, 18 May 2020 10:32:55 +0530
+Subject: [PATCH] Replaced 'enter' with 'insert'
+
+Resolves: https://github.com/SSSD/sssd/issues/5164
+
+Signed-off-by: vinay mishra <vmishra@redhat.com>
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/sss_client/pam_sss.c | 4 ++--
+ src/tests/intg/test_pam_responder.py | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index d4f0a8917..69b440774 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -2422,8 +2422,8 @@ static int get_authtok_for_password_change(pam_handle_t *pamh,
+ return PAM_SUCCESS;
+ }
+
+-#define SC_ENTER_LABEL_FMT "Please enter smart card labeled\n %s"
+-#define SC_ENTER_FMT "Please enter smart card"
++#define SC_ENTER_LABEL_FMT "Please insert smart card labeled\n %s"
++#define SC_ENTER_FMT "Please insert smart card"
+
+ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
+ int retries, bool quiet_mode)
+diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py
+index 9b5e650ca..7a2458339 100644
+--- a/src/tests/intg/test_pam_responder.py
++++ b/src/tests/intg/test_pam_responder.py
+@@ -512,7 +512,7 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl):
+ assert end_time > start_time and \
+ (end_time - start_time) >= 20 and \
+ (end_time - start_time) < 40
+- assert out.find("Please enter smart card\nPlease enter smart card") != -1
++ assert out.find("Please insert smart card\nPlease insert smart card") != -1
+ assert err.find("pam_authenticate for user [user1]: Authentication " +
+ "service cannot retrieve authentication info") != -1
+
+--
+2.21.3
+
diff --git a/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch b/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch
deleted file mode 100644
index 212ff00..0000000
--- a/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-From bd201746f8cf0e95615b3e98868555451b5e66b8 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Mon, 2 Dec 2019 11:11:52 +0100
-Subject: [PATCH] sdap: Add randomness to ldap connection timeout
-
-In case of mass deployment, mass registration of IPA clients roughly on
-the same time leads to regular CPU load spikes on IPA servers, the load
-spikes are caused by all/most clients refreshing their LDAP connections
-(ldap_connection_expire_timeout) every 15 minutes.
-
-This patch introduces new random value (from 0 up to
-ldap_connection_expire_offset) that is added to the timeout.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/3630
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/config/cfg_rules.ini | 1 +
- src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
- src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
- src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
- src/man/sssd-ldap.5.xml | 19 +++++++++++++++++++
- src/providers/ad/ad_opts.c | 1 +
- src/providers/ipa/ipa_opts.c | 1 +
- src/providers/ldap/ldap_opts.c | 1 +
- src/providers/ldap/sdap.h | 1 +
- src/providers/ldap/sdap_async_connection.c | 12 ++++++++++++
- 10 files changed, 39 insertions(+)
-
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index 8c73c89ac..c56d5a668 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -600,6 +600,7 @@ option = ldap_chpass_dns_service_name
- option = ldap_chpass_update_last_change
- option = ldap_chpass_uri
- option = ldap_connection_expire_timeout
-+option = ldap_connection_expire_offset
- option = ldap_default_authtok
- option = ldap_default_authtok_type
- option = ldap_default_bind_dn
-diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
-index 80e329b3b..aaa0b2345 100644
---- a/src/config/etc/sssd.api.d/sssd-ad.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
-@@ -58,6 +58,7 @@ ldap_deref = str, None, false
- ldap_page_size = int, None, false
- ldap_deref_threshold = int, None, false
- ldap_connection_expire_timeout = int, None, false
-+ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
- krb5_confd_path = str, None, false
- wildcard_limit = int, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
-index e2d46db75..7ed153d36 100644
---- a/src/config/etc/sssd.api.d/sssd-ipa.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
-@@ -52,6 +52,7 @@ ldap_deref = str, None, false
- ldap_page_size = int, None, false
- ldap_deref_threshold = int, None, false
- ldap_connection_expire_timeout = int, None, false
-+ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
- krb5_confd_path = str, None, false
- wildcard_limit = int, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
-index 01c1d7f12..4f73e901e 100644
---- a/src/config/etc/sssd.api.d/sssd-ldap.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
-@@ -36,6 +36,7 @@ ldap_deref_threshold = int, None, false
- ldap_sasl_canonicalize = bool, None, false
- ldap_sasl_minssf = int, None, false
- ldap_connection_expire_timeout = int, None, false
-+ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
- ldap_disable_range_retrieval = bool, None, false
- wildcard_limit = int, None, false
-diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
-index 6d1ae23ec..f8bb973c7 100644
---- a/src/man/sssd-ldap.5.xml
-+++ b/src/man/sssd-ldap.5.xml
-@@ -509,12 +509,31 @@
- the two values (this value vs. the TGT lifetime)
- will be used.
- </para>
-+ <para>
-+ This timeout can be extended of a random
-+ value specified by
-+ <emphasis>ldap_connection_expire_offset</emphasis>
-+ </para>
- <para>
- Default: 900 (15 minutes)
- </para>
- </listitem>
- </varlistentry>
-
-+ <varlistentry>
-+ <term>ldap_connection_expire_offset (integer)</term>
-+ <listitem>
-+ <para>
-+ Random offset between 0 and configured value
-+ is added to
-+ <emphasis>ldap_connection_expire_timeout</emphasis>.
-+ </para>
-+ <para>
-+ Default: 0
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
- <varlistentry>
- <term>ldap_page_size (integer)</term>
- <listitem>
-diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
-index cd568e466..1293219ee 100644
---- a/src/providers/ad/ad_opts.c
-+++ b/src/providers/ad/ad_opts.c
-@@ -137,6 +137,7 @@ struct dp_option ad_def_ldap_opts[] = {
- { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
- { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
-+ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
- { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
- { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
-diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
-index 7974cb8ea..4fafa073d 100644
---- a/src/providers/ipa/ipa_opts.c
-+++ b/src/providers/ipa/ipa_opts.c
-@@ -147,6 +147,7 @@ struct dp_option ipa_def_ldap_opts[] = {
- { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
- { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
-+ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
- { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
- { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
-diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c
-index a20ec0d86..ffd0c6baa 100644
---- a/src/providers/ldap/ldap_opts.c
-+++ b/src/providers/ldap/ldap_opts.c
-@@ -107,6 +107,7 @@ struct dp_option default_basic_opts[] = {
- { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
- { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
-+ { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
- { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
- { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
-diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
-index d0a19a660..f27b3c480 100644
---- a/src/providers/ldap/sdap.h
-+++ b/src/providers/ldap/sdap.h
-@@ -221,6 +221,7 @@ enum sdap_basic_opt {
- SDAP_DEREF_THRESHOLD,
- SDAP_SASL_CANONICALIZE,
- SDAP_EXPIRE_TIMEOUT,
-+ SDAP_EXPIRE_OFFSET,
- SDAP_DISABLE_PAGING,
- SDAP_IDMAP_LOWER,
- SDAP_IDMAP_UPPER,
-diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
-index 0260cba6f..7438d14a7 100644
---- a/src/providers/ldap/sdap_async_connection.c
-+++ b/src/providers/ldap/sdap_async_connection.c
-@@ -1803,6 +1803,8 @@ static void sdap_cli_auth_step(struct tevent_req *req)
- struct tevent_req *subreq;
- time_t now;
- int expire_timeout;
-+ int expire_offset;
-+
- const char *sasl_mech = dp_opt_get_string(state->opts->basic,
- SDAP_SASL_MECH);
- const char *user_dn = dp_opt_get_string(state->opts->basic,
-@@ -1832,6 +1834,16 @@ static void sdap_cli_auth_step(struct tevent_req *req)
- */
- now = time(NULL);
- expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT);
-+ expire_offset = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_OFFSET);
-+ if (expire_offset > 0) {
-+ expire_timeout += sss_rand() % (expire_offset + 1);
-+ } else if (expire_offset < 0) {
-+ DEBUG(SSSDBG_MINOR_FAILURE,
-+ "Negative value [%d] of ldap_connection_expire_offset "
-+ "is not allowed.\n",
-+ expire_offset);
-+ }
-+
- DEBUG(SSSDBG_CONF_SETTINGS, "expire timeout is %d\n", expire_timeout);
- if (!state->sh->expire_time
- || (state->sh->expire_time > (now + expire_timeout))) {
---
-2.20.1
-
diff --git a/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch b/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
new file mode 100644
index 0000000..31c91ee
--- /dev/null
+++ b/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
@@ -0,0 +1,166 @@
+From aac4dbb17f3e19a2fbeefb38b3319827d3bf820e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 13 May 2020 13:13:43 +0200
+Subject: [PATCH] NSS client: preserve errno during _nss_sss_end* calls
+
+glibc does not expect that errno is changed by some of the calls
+provided by nss modules. This caused at least issues when
+_nss_sss_endpwent() is called in compat mode. According to
+https://pubs.opengroup.org/onlinepubs/9699919799/functions/endpwent.html
+endpwent() should only set errno in the case of an error. Since there is
+no other way to report an error we will set errno in the case of an
+error but preserve it otherwise. This should cause no issues because
+glibc is taking precautions as well tracked by
+https://sourceware.org/bugzilla/show_bug.cgi?id=25976.
+
+To be on the safe side the other _nss_sss_end* calls will show the same
+behavior.
+
+Resolves: https://github.com/SSSD/sssd/issues/5153
+
+Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
+---
+ src/sss_client/nss_group.c | 3 +++
+ src/sss_client/nss_hosts.c | 4 +++-
+ src/sss_client/nss_ipnetworks.c | 4 +++-
+ src/sss_client/nss_netgroup.c | 3 +++
+ src/sss_client/nss_passwd.c | 3 +++
+ src/sss_client/nss_services.c | 3 +++
+ 6 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
+index 5ab2bdf78..4a201bf09 100644
+--- a/src/sss_client/nss_group.c
++++ b/src/sss_client/nss_group.c
+@@ -735,6 +735,7 @@ enum nss_status _nss_sss_endgrent(void)
+ {
+ enum nss_status nret;
+ int errnop;
++ int saved_errno = errno;
+
+ sss_nss_lock();
+
+@@ -745,6 +746,8 @@ enum nss_status _nss_sss_endgrent(void)
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
++ } else {
++ errno = saved_errno;
+ }
+
+ sss_nss_unlock();
+diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c
+index 5e279468b..aa2676286 100644
+--- a/src/sss_client/nss_hosts.c
++++ b/src/sss_client/nss_hosts.c
+@@ -565,6 +565,7 @@ _nss_sss_endhostent(void)
+ {
+ enum nss_status nret;
+ int errnop;
++ int saved_errno = errno;
+
+ sss_nss_lock();
+
+@@ -575,9 +576,10 @@ _nss_sss_endhostent(void)
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
++ } else {
++ errno = saved_errno;
+ }
+
+ sss_nss_unlock();
+-
+ return nret;
+ }
+diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
+index 15fee6039..08070499d 100644
+--- a/src/sss_client/nss_ipnetworks.c
++++ b/src/sss_client/nss_ipnetworks.c
+@@ -510,6 +510,7 @@ _nss_sss_endnetent(void)
+ {
+ enum nss_status nret;
+ int errnop;
++ int saved_errno = errno;
+
+ sss_nss_lock();
+
+@@ -520,10 +521,11 @@ _nss_sss_endnetent(void)
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
++ } else {
++ errno = saved_errno;
+ }
+
+ sss_nss_unlock();
+-
+ return nret;
+ }
+
+diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c
+index 3a1834a31..2fc88f8ae 100644
+--- a/src/sss_client/nss_netgroup.c
++++ b/src/sss_client/nss_netgroup.c
+@@ -309,6 +309,7 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
+ {
+ enum nss_status nret;
+ int errnop;
++ int saved_errno = errno;
+
+ sss_nss_lock();
+
+@@ -319,6 +320,8 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
++ } else {
++ errno = saved_errno;
+ }
+
+ sss_nss_unlock();
+diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
+index 96368bd6e..c386dd370 100644
+--- a/src/sss_client/nss_passwd.c
++++ b/src/sss_client/nss_passwd.c
+@@ -455,6 +455,7 @@ enum nss_status _nss_sss_endpwent(void)
+ {
+ enum nss_status nret;
+ int errnop;
++ int saved_errno = errno;
+
+ sss_nss_lock();
+
+@@ -465,6 +466,8 @@ enum nss_status _nss_sss_endpwent(void)
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
++ } else {
++ errno = saved_errno;
+ }
+
+ sss_nss_unlock();
+diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c
+index 13cb4c3ab..f8c2092cb 100644
+--- a/src/sss_client/nss_services.c
++++ b/src/sss_client/nss_services.c
+@@ -484,6 +484,7 @@ _nss_sss_endservent(void)
+ {
+ enum nss_status nret;
+ int errnop;
++ int saved_errno = errno;
+
+ sss_nss_lock();
+
+@@ -494,6 +495,8 @@ _nss_sss_endservent(void)
+ NULL, NULL, NULL, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ errno = errnop;
++ } else {
++ errno = saved_errno;
+ }
+
+ sss_nss_unlock();
+--
+2.21.3
+
diff --git a/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch b/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
deleted file mode 100644
index 6cf80bd..0000000
--- a/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 9beb736aac6aa21433a4541fb56e4fa7d7dbc462 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 26 Sep 2019 20:24:34 +0200
-Subject: [PATCH 10/13] ad: allow booleans for ad_inherit_opts_if_needed()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently ad_inherit_opts_if_needed() can only handle strings. With this
-patch it can handle boolean options as well.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_common.c | 23 ++++++++++++++++++++---
- 1 file changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index 5540066d4..600e3ceb2 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -1479,9 +1479,26 @@ errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts,
- const char *parent_val = NULL;
- char *dummy = NULL;
- char *option_list[2] = { NULL, NULL };
--
-- parent_val = dp_opt_get_cstring(parent_opts, opt_id);
-- if (parent_val != NULL) {
-+ bool is_default = true;
-+
-+ switch (parent_opts[opt_id].type) {
-+ case DP_OPT_STRING:
-+ parent_val = dp_opt_get_cstring(parent_opts, opt_id);
-+ break;
-+ case DP_OPT_BOOL:
-+ /* For booleans it is hard to say if the option is set or not since
-+ * both possible values are valid ones. So we check if the value is
-+ * different from the default and skip if it is the default. In this
-+ * case the sub-domain option would either be the default as well or
-+ * manully set and in both cases we do not have to change it. */
-+ is_default = (parent_opts[opt_id].val.boolean
-+ == parent_opts[opt_id].def_val.boolean);
-+ break;
-+ default:
-+ DEBUG(SSSDBG_TRACE_FUNC, "Unsupported type, skipping.\n");
-+ }
-+
-+ if (parent_val != NULL || !is_default) {
- ret = confdb_get_string(cdb, NULL, subdom_conf_path,
- parent_opts[opt_id].opt_name, NULL, &dummy);
- if (ret != EOK) {
---
-2.20.1
-
diff --git a/SOURCES/0011-ad-add-ad_use_ldaps.patch b/SOURCES/0011-ad-add-ad_use_ldaps.patch
deleted file mode 100644
index 4b23943..0000000
--- a/SOURCES/0011-ad-add-ad_use_ldaps.patch
+++ /dev/null
@@ -1,438 +0,0 @@
-From da0be382d95f0bdbc6ad5ccb68503456c2ee858b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 26 Sep 2019 20:27:09 +0200
-Subject: [PATCH 11/13] ad: add ad_use_ldaps
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-With this new boolean option the AD provider should only use the LDAPS
-port 636 and the Global Catalog port 3629 which is TLS protected as
-well.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/config/SSSDConfig/__init__.py.in | 1 +
- src/config/cfg_rules.ini | 1 +
- src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
- src/man/sssd-ad.5.xml | 20 +++++++++++++++++++
- src/providers/ad/ad_common.c | 24 +++++++++++++++++++----
- src/providers/ad/ad_common.h | 8 +++++++-
- src/providers/ad/ad_init.c | 8 +++++++-
- src/providers/ad/ad_opts.c | 1 +
- src/providers/ad/ad_srv.c | 16 ++++++++++++---
- src/providers/ad/ad_srv.h | 3 ++-
- src/providers/ad/ad_subdomains.c | 21 ++++++++++++++++++--
- src/providers/ipa/ipa_subdomains_server.c | 4 ++--
- 12 files changed, 94 insertions(+), 14 deletions(-)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index eba89b461..84631862a 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -252,6 +252,7 @@ option_strings = {
- 'ad_site' : _('a particular site to be used by the client'),
- 'ad_maximum_machine_account_password_age' : _('Maximum age in days before the machine account password should be renewed'),
- 'ad_machine_account_password_renewal_opts' : _('Option for tuning the machine account renewal task'),
-+ 'ad_use_ldaps' : _('Use LDAPS port for LDAP and Global Catalog requests'),
-
- # [provider/krb5]
- 'krb5_kdcip' : _('Kerberos server address'),
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index c56d5a668..1034a1fd6 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -464,6 +464,7 @@ option = ad_machine_account_password_renewal_opts
- option = ad_maximum_machine_account_password_age
- option = ad_server
- option = ad_site
-+option = ad_use_ldaps
-
- # IPA provider specific options
- option = ipa_anchor_uuid
-diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
-index aaa0b2345..a2af72603 100644
---- a/src/config/etc/sssd.api.d/sssd-ad.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
-@@ -20,6 +20,7 @@ ad_gpo_default_right = str, None, false
- ad_site = str, None, false
- ad_maximum_machine_account_password_age = int, None, false
- ad_machine_account_password_renewal_opts = str, None, false
-+ad_use_ldaps = bool, None, false
- ldap_uri = str, None, false
- ldap_backup_uri = str, None, false
- ldap_search_base = str, None, false
-diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
-index fdcb4e4b9..ade56cd6d 100644
---- a/src/man/sssd-ad.5.xml
-+++ b/src/man/sssd-ad.5.xml
-@@ -1015,6 +1015,26 @@ ad_gpo_map_deny = +my_pam_service
- </listitem>
- </varlistentry>
-
-+ <varlistentry>
-+ <term>ad_use_ldaps (bool)</term>
-+ <listitem>
-+ <para>
-+ By default SSSD uses the plain LDAP port 389 and the
-+ Global Catalog port 3628. If this option is set to
-+ True SSSD will use the LDAPS port 636 and Global
-+ Catalog port 3629 with LDAPS protection. Since AD
-+ does not allow to have multiple encryption layers on
-+ a single connection and we still want to use
-+ SASL/GSSAPI or SASL/GSS-SPNEGO for authentication
-+ the SASL security property maxssf is set to 0 (zero)
-+ for those connections.
-+ </para>
-+ <para>
-+ Default: False
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
- <varlistentry>
- <term>dyndns_update (boolean)</term>
- <listitem>
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index 600e3ceb2..a2369166a 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -729,6 +729,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
- const char *ad_gc_service,
- const char *ad_domain,
- bool use_kdcinfo,
-+ bool ad_use_ldaps,
- size_t n_lookahead_primary,
- size_t n_lookahead_backup,
- struct ad_service **_service)
-@@ -746,6 +747,16 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
- goto done;
- }
-
-+ if (ad_use_ldaps) {
-+ service->ldap_scheme = "ldaps";
-+ service->port = LDAPS_PORT;
-+ service->gc_port = AD_GC_LDAPS_PORT;
-+ } else {
-+ service->ldap_scheme = "ldap";
-+ service->port = LDAP_PORT;
-+ service->gc_port = AD_GC_PORT;
-+ }
-+
- service->sdap = talloc_zero(service, struct sdap_service);
- service->gc = talloc_zero(service, struct sdap_service);
- if (!service->sdap || !service->gc) {
-@@ -927,7 +938,8 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
- goto done;
- }
-
-- new_uri = talloc_asprintf(service->sdap, "ldap://%s", srv_name);
-+ new_uri = talloc_asprintf(service->sdap, "%s://%s", service->ldap_scheme,
-+ srv_name);
- if (!new_uri) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy URI\n");
- ret = ENOMEM;
-@@ -935,7 +947,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
- }
- DEBUG(SSSDBG_CONF_SETTINGS, "Constructed uri '%s'\n", new_uri);
-
-- sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
-+ sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, service->port);
- if (sockaddr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
- ret = EIO;
-@@ -951,8 +963,12 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
- talloc_zfree(service->gc->uri);
- talloc_zfree(service->gc->sockaddr);
- if (sdata && sdata->gc) {
-- new_port = fo_get_server_port(server);
-- new_port = (new_port == 0) ? AD_GC_PORT : new_port;
-+ if (service->gc_port == AD_GC_LDAPS_PORT) {
-+ new_port = service->gc_port;
-+ } else {
-+ new_port = fo_get_server_port(server);
-+ new_port = (new_port == 0) ? service->gc_port : new_port;
-+ }
-
- service->gc->uri = talloc_asprintf(service->gc, "%s:%d",
- new_uri, new_port);
-diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
-index 75f11de2e..820e06124 100644
---- a/src/providers/ad/ad_common.h
-+++ b/src/providers/ad/ad_common.h
-@@ -29,7 +29,8 @@
- #define AD_SERVICE_NAME "AD"
- #define AD_GC_SERVICE_NAME "AD_GC"
- /* The port the Global Catalog runs on */
--#define AD_GC_PORT 3268
-+#define AD_GC_PORT 3268
-+#define AD_GC_LDAPS_PORT 3269
-
- #define AD_AT_OBJECT_SID "objectSID"
- #define AD_AT_DNS_DOMAIN "DnsDomain"
-@@ -67,6 +68,7 @@ enum ad_basic_opt {
- AD_KRB5_CONFD_PATH,
- AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE,
- AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS,
-+ AD_USE_LDAPS,
-
- AD_OPTS_BASIC /* opts counter */
- };
-@@ -82,6 +84,9 @@ struct ad_service {
- struct sdap_service *sdap;
- struct sdap_service *gc;
- struct krb5_service *krb5_service;
-+ const char *ldap_scheme;
-+ int port;
-+ int gc_port;
- };
-
- struct ad_options {
-@@ -147,6 +152,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
- const char *ad_gc_service,
- const char *ad_domain,
- bool use_kdcinfo,
-+ bool ad_use_ldaps,
- size_t n_lookahead_primary,
- size_t n_lookahead_backup,
- struct ad_service **_service);
-diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
-index 290d5b5c1..2b4b9e2e7 100644
---- a/src/providers/ad/ad_init.c
-+++ b/src/providers/ad/ad_init.c
-@@ -138,6 +138,7 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx,
- char *ad_servers = NULL;
- char *ad_backup_servers = NULL;
- char *ad_realm;
-+ bool ad_use_ldaps = false;
- errno_t ret;
-
- ad_sasl_initialize();
-@@ -154,12 +155,14 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx,
- ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
- ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
- ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM);
-+ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS);
-
- /* Set up the failover service */
- ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers,
- ad_realm, AD_SERVICE_NAME, AD_GC_SERVICE_NAME,
- dp_opt_get_string(ad_options->basic, AD_DOMAIN),
- false, /* will be set in ad_get_auth_options() */
-+ ad_use_ldaps,
- (size_t) -1,
- (size_t) -1,
- &ad_options->service);
-@@ -184,11 +187,13 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx,
- const char *ad_site_override;
- bool sites_enabled;
- errno_t ret;
-+ bool ad_use_ldaps;
-
- hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME);
- ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN);
- ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
- sites_enabled = dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES);
-+ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS);
-
-
- if (!sites_enabled) {
-@@ -205,7 +210,8 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx,
- srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx, be_ctx->be_res,
- default_host_dbs, ad_options->id,
- hostname, ad_domain,
-- ad_site_override);
-+ ad_site_override,
-+ ad_use_ldaps);
- if (srv_ctx == NULL) {
- DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
- return ENOMEM;
-diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
-index 1293219ee..30f9b62fd 100644
---- a/src/providers/ad/ad_opts.c
-+++ b/src/providers/ad/ad_opts.c
-@@ -54,6 +54,7 @@ struct dp_option ad_basic_opts[] = {
- { "krb5_confd_path", DP_OPT_STRING, { KRB5_MAPPING_DIR }, NULL_STRING },
- { "ad_maximum_machine_account_password_age", DP_OPT_NUMBER, { .number = 30 }, NULL_NUMBER },
- { "ad_machine_account_password_renewal_opts", DP_OPT_STRING, { "86400:750" }, NULL_STRING },
-+ { "ad_use_ldaps", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- DP_OPTION_TERMINATOR
- };
-
-diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
-index 5fd25f60e..ca15d3715 100644
---- a/src/providers/ad/ad_srv.c
-+++ b/src/providers/ad/ad_srv.c
-@@ -244,6 +244,7 @@ struct ad_get_client_site_state {
- enum host_database *host_db;
- struct sdap_options *opts;
- const char *ad_domain;
-+ bool ad_use_ldaps;
- struct fo_server_info *dcs;
- size_t num_dcs;
- size_t dc_index;
-@@ -264,6 +265,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx,
- enum host_database *host_db,
- struct sdap_options *opts,
- const char *ad_domain,
-+ bool ad_use_ldaps,
- struct fo_server_info *dcs,
- size_t num_dcs)
- {
-@@ -288,6 +290,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx,
- state->host_db = host_db;
- state->opts = opts;
- state->ad_domain = ad_domain;
-+ state->ad_use_ldaps = ad_use_ldaps;
- state->dcs = dcs;
- state->num_dcs = num_dcs;
-
-@@ -331,8 +334,11 @@ static errno_t ad_get_client_site_next_dc(struct tevent_req *req)
- subreq = sdap_connect_host_send(state, state->ev, state->opts,
- state->be_res->resolv,
- state->be_res->family_order,
-- state->host_db, "ldap", state->dc.host,
-- state->dc.port, false);
-+ state->host_db,
-+ state->ad_use_ldaps ? "ldaps" : "ldap",
-+ state->dc.host,
-+ state->ad_use_ldaps ? 636 : state->dc.port,
-+ false);
- if (subreq == NULL) {
- ret = ENOMEM;
- goto done;
-@@ -491,6 +497,7 @@ struct ad_srv_plugin_ctx {
- const char *ad_domain;
- const char *ad_site_override;
- const char *current_site;
-+ bool ad_use_ldaps;
- };
-
- struct ad_srv_plugin_ctx *
-@@ -501,7 +508,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
- struct sdap_options *opts,
- const char *hostname,
- const char *ad_domain,
-- const char *ad_site_override)
-+ const char *ad_site_override,
-+ bool ad_use_ldaps)
- {
- struct ad_srv_plugin_ctx *ctx = NULL;
- errno_t ret;
-@@ -515,6 +523,7 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
- ctx->be_res = be_res;
- ctx->host_dbs = host_dbs;
- ctx->opts = opts;
-+ ctx->ad_use_ldaps = ad_use_ldaps;
-
- ctx->hostname = talloc_strdup(ctx, hostname);
- if (ctx->hostname == NULL) {
-@@ -714,6 +723,7 @@ static void ad_srv_plugin_dcs_done(struct tevent_req *subreq)
- state->ctx->host_dbs,
- state->ctx->opts,
- state->discovery_domain,
-+ state->ctx->ad_use_ldaps,
- dcs, num_dcs);
- if (subreq == NULL) {
- ret = ENOMEM;
-diff --git a/src/providers/ad/ad_srv.h b/src/providers/ad/ad_srv.h
-index e553d594d..8e410ec26 100644
---- a/src/providers/ad/ad_srv.h
-+++ b/src/providers/ad/ad_srv.h
-@@ -31,7 +31,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
- struct sdap_options *opts,
- const char *hostname,
- const char *ad_domain,
-- const char *ad_site_override);
-+ const char *ad_site_override,
-+ bool ad_use_ldaps);
-
- struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index 2ce34489f..d8c201437 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -282,6 +282,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
- bool use_kdcinfo = false;
- size_t n_lookahead_primary = SSS_KRB5_LOOKAHEAD_PRIMARY_DEFAULT;
- size_t n_lookahead_backup = SSS_KRB5_LOOKAHEAD_BACKUP_DEFAULT;
-+ bool ad_use_ldaps = false;
-
- realm = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_KRB5_REALM);
- hostname = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_HOSTNAME);
-@@ -312,6 +313,21 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
- return ENOMEM;
- }
-
-+ ret = ad_inherit_opts_if_needed(id_ctx->ad_options->basic,
-+ ad_options->basic,
-+ be_ctx->cdb, subdom_conf_path,
-+ AD_USE_LDAPS);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to inherit option [%s] to sub-domain [%s]. "
-+ "This error is ignored but might cause issues or unexpected "
-+ "behavior later on.\n",
-+ id_ctx->ad_options->basic[AD_USE_LDAPS].opt_name,
-+ subdom->name);
-+
-+ return ret;
-+ }
-+
- ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic,
- ad_options->id->basic,
- be_ctx->cdb, subdom_conf_path,
-@@ -344,6 +360,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
-
- servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
- backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
-+ ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS);
-
- if (id_ctx->ad_options->auth_ctx != NULL
- && id_ctx->ad_options->auth_ctx->opts != NULL) {
-@@ -362,7 +379,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
-
- ret = ad_failover_init(ad_options, be_ctx, servers, backup_servers,
- subdom->realm, service_name, gc_service_name,
-- subdom->name, use_kdcinfo,
-+ subdom->name, use_kdcinfo, ad_use_ldaps,
- n_lookahead_primary,
- n_lookahead_backup,
- &ad_options->service);
-@@ -386,7 +403,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
- ad_id_ctx->ad_options->id,
- hostname,
- ad_domain,
-- ad_site_override);
-+ ad_site_override, ad_use_ldaps);
- if (srv_ctx == NULL) {
- DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
- return ENOMEM;
-diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
-index fd998877b..9aebf72a5 100644
---- a/src/providers/ipa/ipa_subdomains_server.c
-+++ b/src/providers/ipa/ipa_subdomains_server.c
-@@ -319,7 +319,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
- ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers,
- subdom->realm,
- service_name, gc_service_name,
-- subdom->name, use_kdcinfo,
-+ subdom->name, use_kdcinfo, false,
- n_lookahead_primary, n_lookahead_backup,
- &ad_options->service);
- if (ret != EOK) {
-@@ -344,7 +344,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
- ad_id_ctx->ad_options->id,
- id_ctx->server_mode->hostname,
- ad_domain,
-- ad_site_override);
-+ ad_site_override, false);
- if (srv_ctx == NULL) {
- DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
- return ENOMEM;
---
-2.20.1
-
diff --git a/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch b/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch
new file mode 100644
index 0000000..dc2b0e6
--- /dev/null
+++ b/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch
@@ -0,0 +1,43 @@
+From df632eec450791559a4a7644f241964397c10ff9 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 5 Jun 2020 13:59:25 +0200
+Subject: [PATCH] ipa: add failover to subdomain override lookups
+
+In the ipa_subdomain_account request failover handling was missing.
+
+Related to https://github.com/SSSD/sssd/issues/5075
+ (was https://pagure.io/SSSD/sssd/issue/4114)
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/providers/ipa/ipa_subdomains_id.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
+index 1224c7b73..36f32fae8 100644
+--- a/src/providers/ipa/ipa_subdomains_id.c
++++ b/src/providers/ipa/ipa_subdomains_id.c
+@@ -208,6 +208,20 @@ static void ipa_subdomain_account_got_override(struct tevent_req *subreq)
+ &state->override_attrs);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
++ ret = sdap_id_op_done(state->op, ret, &dp_error);
++
++ if (dp_error == DP_ERR_OK && ret != EOK) {
++ /* retry */
++ subreq = sdap_id_op_connect_send(state->op, state, &ret);
++ if (subreq == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect_send failed.\n");
++ goto fail;
++ }
++ tevent_req_set_callback(subreq, ipa_subdomain_account_connected,
++ req);
++ return;
++ }
++
+ DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
+ goto fail;
+ }
+--
+2.21.3
+
diff --git a/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch b/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch
new file mode 100644
index 0000000..39b2e20
--- /dev/null
+++ b/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch
@@ -0,0 +1,132 @@
+From dce025b882db7247571b135e928afb47f069a60f Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 27 Feb 2020 06:54:21 +0100
+Subject: [PATCH] GPO: fix link order in a SOM
+
+GPOs of the same OU were applied in the wrong order. Details about how
+GPOs should be processed can be found e.g. at
+https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
+
+Resolves: https://github.com/SSSD/sssd/issues/5103
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/providers/ad/ad_gpo.c | 59 +++++++++++++++++++++++++++++----------
+ 1 file changed, 45 insertions(+), 14 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index bbe8d8a1e..1524c4bfc 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -3511,14 +3511,19 @@ ad_gpo_process_som_recv(struct tevent_req *req,
+ * - GPOs linked to an OU will be applied after GPOs linked to a Domain,
+ * which will be applied after GPOs linked to a Site.
+ * - multiple GPOs linked to a single SOM are applied in their link order
+- * (i.e. 1st GPO linked to SOM is applied after 2nd GPO linked to SOM, etc).
++ * (i.e. 1st GPO linked to SOM is applied before 2nd GPO linked to SOM, etc).
+ * - enforced GPOs are applied after unenforced GPOs.
+ *
+ * As such, the _candidate_gpos output's dn fields looks like (in link order):
+- * [unenforced {Site, Domain, OU}; enforced {Site, Domain, OU}]
++ * [unenforced {Site, Domain, OU}; enforced {OU, Domain, Site}]
+ *
+ * Note that in the case of conflicting policy settings, GPOs appearing later
+- * in the list will trump GPOs appearing earlier in the list.
++ * in the list will trump GPOs appearing earlier in the list. Therefore the
++ * enforced GPOs are applied in revers order after the unenforced GPOs to
++ * make sure the enforced setting form the highest level will be applied.
++ *
++ * GPO processing details can be found e.g. at
++ * https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
+ */
+ static errno_t
+ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+@@ -3542,6 +3547,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+ int i = 0;
+ int j = 0;
+ int ret;
++ size_t som_count = 0;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+@@ -3568,6 +3574,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+ }
+ i++;
+ }
++ som_count = i;
+
+ num_candidate_gpos = num_enforced + num_unenforced;
+
+@@ -3590,9 +3597,43 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+
++ i = som_count -1 ;
++ while (i >= 0) {
++ gp_som = som_list[i];
++
++ /* For unenforced_gpo_dns the most specific GPOs with the highest
++ * priority should be the last. We start with the top-level SOM and go
++ * down to the most specific one and add the unenforced following the
++ * gplink_list where the GPO with the highest priority comes last. */
++ j = 0;
++ while (gp_som && gp_som->gplink_list && gp_som->gplink_list[j]) {
++ gp_gplink = gp_som->gplink_list[j];
++
++ if (!gp_gplink->enforced) {
++ unenforced_gpo_dns[unenforced_idx] =
++ talloc_steal(unenforced_gpo_dns, gp_gplink->gpo_dn);
++
++ if (unenforced_gpo_dns[unenforced_idx] == NULL) {
++ ret = ENOMEM;
++ goto done;
++ }
++ unenforced_idx++;
++ }
++ j++;
++ }
++ i--;
++ }
++
+ i = 0;
+ while (som_list[i]) {
+ gp_som = som_list[i];
++
++ /* For enforced GPOs we start processing with the most specific SOM to
++ * make sur enforced GPOs from higher levels override to lower level
++ * ones. According to the 'Group Policy Inheritance' tab in the
++ * Windows 'Goup Policy Management' utility in the same SOM the link
++ * order is still observed and an enforced GPO with a lower link order
++ * value still overrides an enforced GPO with a higher link order. */
+ j = 0;
+ while (gp_som && gp_som->gplink_list && gp_som->gplink_list[j]) {
+ gp_gplink = gp_som->gplink_list[j];
+@@ -3610,16 +3651,6 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+ enforced_idx++;
+- } else {
+-
+- unenforced_gpo_dns[unenforced_idx] =
+- talloc_steal(unenforced_gpo_dns, gp_gplink->gpo_dn);
+-
+- if (unenforced_gpo_dns[unenforced_idx] == NULL) {
+- ret = ENOMEM;
+- goto done;
+- }
+- unenforced_idx++;
+ }
+ j++;
+ }
+@@ -3638,7 +3669,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+ }
+
+ gpo_dn_idx = 0;
+- for (i = num_unenforced - 1; i >= 0; i--) {
++ for (i = 0; i < num_unenforced; i++) {
+ candidate_gpos[gpo_dn_idx] = talloc_zero(candidate_gpos, struct gp_gpo);
+ if (candidate_gpos[gpo_dn_idx] == NULL) {
+ ret = ENOMEM;
+--
+2.21.3
+
diff --git a/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch b/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch
deleted file mode 100644
index 311e5ea..0000000
--- a/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 4c855d55944087cb2317c681f1dc78953ec95c4e Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 27 Sep 2019 11:49:59 +0200
-Subject: [PATCH 12/13] ldap: add new option ldap_sasl_maxssf
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There is already the ldap_sasl_minssf option. To be able to control the
-maximal security strength factor (ssf) e.g. when using SASL together
-with TLS the option ldap_sasl_maxssf is added as well.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/config/SSSDConfig/__init__.py.in | 1 +
- src/config/cfg_rules.ini | 1 +
- src/config/etc/sssd.api.d/sssd-ad.conf | 1 +
- src/config/etc/sssd.api.d/sssd-ipa.conf | 1 +
- src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
- src/man/sssd-ldap.5.xml | 16 ++++++++++++++++
- src/providers/ad/ad_opts.c | 1 +
- src/providers/ipa/ipa_opts.c | 1 +
- src/providers/ldap/ldap_opts.c | 1 +
- src/providers/ldap/sdap.h | 1 +
- src/providers/ldap/sdap_async_connection.c | 14 ++++++++++++++
- 11 files changed, 39 insertions(+)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index 84631862a..a1b088bc4 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -305,6 +305,7 @@ option_strings = {
- 'ldap_sasl_authid' : _('Specify the sasl authorization id to use'),
- 'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'),
- 'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'),
-+ 'ldap_sasl_maxssf' : _('Specify the maximal SSF for LDAP sasl authorization'),
- 'ldap_krb5_keytab' : _('Kerberos service keytab'),
- 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'),
- 'ldap_referrals' : _('Follow LDAP referrals'),
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index 1034a1fd6..fd5336db7 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -664,6 +664,7 @@ option = ldap_sasl_authid
- option = ldap_sasl_canonicalize
- option = ldap_sasl_mech
- option = ldap_sasl_minssf
-+option = ldap_sasl_maxssf
- option = ldap_schema
- option = ldap_pwmodify_mode
- option = ldap_search_base
-diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
-index a2af72603..d6443e200 100644
---- a/src/config/etc/sssd.api.d/sssd-ad.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
-@@ -41,6 +41,7 @@ ldap_tls_reqcert = str, None, false
- ldap_sasl_mech = str, None, false
- ldap_sasl_authid = str, None, false
- ldap_sasl_minssf = int, None, false
-+ldap_sasl_maxssf = int, None, false
- krb5_kdcip = str, None, false
- krb5_server = str, None, false
- krb5_backup_server = str, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
-index 7ed153d36..839f9f471 100644
---- a/src/config/etc/sssd.api.d/sssd-ipa.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
-@@ -32,6 +32,7 @@ ldap_tls_reqcert = str, None, false
- ldap_sasl_mech = str, None, false
- ldap_sasl_authid = str, None, false
- ldap_sasl_minssf = int, None, false
-+ldap_sasl_maxssf = int, None, false
- krb5_kdcip = str, None, false
- krb5_server = str, None, false
- krb5_backup_server = str, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
-index 4f73e901e..6db9828b9 100644
---- a/src/config/etc/sssd.api.d/sssd-ldap.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
-@@ -35,6 +35,7 @@ ldap_page_size = int, None, false
- ldap_deref_threshold = int, None, false
- ldap_sasl_canonicalize = bool, None, false
- ldap_sasl_minssf = int, None, false
-+ldap_sasl_maxssf = int, None, false
- ldap_connection_expire_timeout = int, None, false
- ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
-diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
-index f8bb973c7..0dc675410 100644
---- a/src/man/sssd-ldap.5.xml
-+++ b/src/man/sssd-ldap.5.xml
-@@ -612,6 +612,22 @@
- </listitem>
- </varlistentry>
-
-+ <varlistentry>
-+ <term>ldap_sasl_maxssf (integer)</term>
-+ <listitem>
-+ <para>
-+ When communicating with an LDAP server using SASL,
-+ specify the maximal security level necessary to
-+ establish the connection. The values of this
-+ option are defined by OpenLDAP.
-+ </para>
-+ <para>
-+ Default: Use the system default (usually specified
-+ by ldap.conf)
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
- <varlistentry>
- <term>ldap_deref_threshold (integer)</term>
- <listitem>
-diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
-index 30f9b62fd..905a15cd0 100644
---- a/src/providers/ad/ad_opts.c
-+++ b/src/providers/ad/ad_opts.c
-@@ -105,6 +105,7 @@ struct dp_option ad_def_ldap_opts[] = {
- { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-+ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
- { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
- /* use the same parm name as the krb5 module so we set it only once */
-diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
-index 4fafa073d..55de6e600 100644
---- a/src/providers/ipa/ipa_opts.c
-+++ b/src/providers/ipa/ipa_opts.c
-@@ -114,6 +114,7 @@ struct dp_option ipa_def_ldap_opts[] = {
- { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = 56 }, NULL_NUMBER },
-+ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
- { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
- /* use the same parm name as the krb5 module so we set it only once */
-diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c
-index ffd0c6baa..d1b4e98ad 100644
---- a/src/providers/ldap/ldap_opts.c
-+++ b/src/providers/ldap/ldap_opts.c
-@@ -74,6 +74,7 @@ struct dp_option default_basic_opts[] = {
- { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-+ { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
- { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
- /* use the same parm name as the krb5 module so we set it only once */
-diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
-index f27b3c480..808a2c400 100644
---- a/src/providers/ldap/sdap.h
-+++ b/src/providers/ldap/sdap.h
-@@ -192,6 +192,7 @@ enum sdap_basic_opt {
- SDAP_SASL_AUTHID,
- SDAP_SASL_REALM,
- SDAP_SASL_MINSSF,
-+ SDAP_SASL_MAXSSF,
- SDAP_KRB5_KEYTAB,
- SDAP_KRB5_KINIT,
- SDAP_KRB5_KDC,
-diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
-index 7438d14a7..5f69cedcc 100644
---- a/src/providers/ldap/sdap_async_connection.c
-+++ b/src/providers/ldap/sdap_async_connection.c
-@@ -148,6 +148,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
- const char *sasl_mech;
- int sasl_minssf;
- ber_len_t ber_sasl_minssf;
-+ int sasl_maxssf;
-+ ber_len_t ber_sasl_maxssf;
-
- ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
- talloc_zfree(subreq);
-@@ -291,6 +293,18 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
- goto fail;
- }
- }
-+
-+ sasl_maxssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MAXSSF);
-+ if (sasl_maxssf >= 0) {
-+ ber_sasl_maxssf = (ber_len_t)sasl_maxssf;
-+ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MAX,
-+ &ber_sasl_maxssf);
-+ if (lret != LDAP_OPT_SUCCESS) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set LDAP MAX SSF option "
-+ "to %d\n", sasl_maxssf);
-+ goto fail;
-+ }
-+ }
- }
-
- /* if we do not use start_tls the connection is not really connected yet
---
-2.20.1
-
diff --git a/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch b/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch
deleted file mode 100644
index 8a1a42d..0000000
--- a/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From d702d594e380a1d0f0e937524bdd8a3eabc9bdf1 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 27 Sep 2019 13:45:13 +0200
-Subject: [PATCH 13/13] ad: set min and max ssf for ldaps
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-AD does not allow to use encryption in the TLS and SASL layer at the
-same time. To be able to use ldaps this patch sets min and max ssf to 0
-if ldaps should be used.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_common.c | 21 +++++++++++++++++++++
- src/providers/ad/ad_common.h | 2 ++
- src/providers/ad/ad_subdomains.c | 4 ++++
- 3 files changed, 27 insertions(+)
-
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index a2369166a..51300f5b2 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -1021,6 +1021,23 @@ done:
- return;
- }
-
-+void ad_set_ssf_for_ldaps(struct sdap_options *id_opts)
-+{
-+ int ret;
-+
-+ DEBUG(SSSDBG_TRACE_ALL, "Setting ssf for ldaps usage.\n");
-+ ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MINSSF, 0);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to set SASL minssf for ldaps usage, ignored.\n");
-+ }
-+ ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MAXSSF, 0);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to set SASL maxssf for ldaps usage, ignored.\n");
-+ }
-+}
-+
- static errno_t
- ad_set_sdap_options(struct ad_options *ad_opts,
- struct sdap_options *id_opts)
-@@ -1079,6 +1096,10 @@ ad_set_sdap_options(struct ad_options *ad_opts,
- goto done;
- }
-
-+ if (dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS)) {
-+ ad_set_ssf_for_ldaps(id_opts);
-+ }
-+
- /* Warn if the user is doing something silly like overriding the schema
- * with the AD provider
- */
-diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
-index 820e06124..d23aee616 100644
---- a/src/providers/ad/ad_common.h
-+++ b/src/providers/ad/ad_common.h
-@@ -181,6 +181,8 @@ errno_t
- ad_get_dyndns_options(struct be_ctx *be_ctx,
- struct ad_options *ad_opts);
-
-+void ad_set_ssf_for_ldaps(struct sdap_options *id_opts);
-+
- struct ad_id_ctx *
- ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx);
-
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index d8c201437..a9c6b9f28 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -328,6 +328,10 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
- return ret;
- }
-
-+ if (dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS)) {
-+ ad_set_ssf_for_ldaps(ad_options->id);
-+ }
-+
- ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic,
- ad_options->id->basic,
- be_ctx->cdb, subdom_conf_path,
---
-2.20.1
-
diff --git a/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch b/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
new file mode 100644
index 0000000..c16d932
--- /dev/null
+++ b/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
@@ -0,0 +1,58 @@
+From 8ca799ea968e548337acb0300642a0d88f1bba9b Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 15:47:35 +0200
+Subject: [PATCH 13/19] sysdb: make sysdb_update_subdomains() more robust
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some NULL checks are added basically to allow that missing values can be
+set later.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/db/sysdb_subdomains.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
+index b170d1978..d256817a6 100644
+--- a/src/db/sysdb_subdomains.c
++++ b/src/db/sysdb_subdomains.c
+@@ -421,7 +421,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ }
+
+ /* in theory these may change, but it should never happen */
+- if (strcasecmp(dom->realm, realm) != 0) {
++ if ((dom->realm == NULL && realm != NULL)
++ || (dom->realm != NULL && realm != NULL
++ && strcasecmp(dom->realm, realm) != 0)) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Realm name changed from [%s] to [%s]!\n",
+ dom->realm, realm);
+@@ -432,7 +434,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ goto done;
+ }
+ }
+- if (strcasecmp(dom->flat_name, flat) != 0) {
++ if ((dom->flat_name == NULL && flat != NULL)
++ || (dom->flat_name != NULL && flat != NULL
++ && strcasecmp(dom->flat_name, flat) != 0)) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Flat name changed from [%s] to [%s]!\n",
+ dom->flat_name, flat);
+@@ -443,7 +447,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+ goto done;
+ }
+ }
+- if (strcasecmp(dom->domain_id, id) != 0) {
++ if ((dom->domain_id == NULL && id != NULL)
++ || (dom->domain_id != NULL && id != NULL
++ && strcasecmp(dom->domain_id, id) != 0)) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Domain changed from [%s] to [%s]!\n",
+ dom->domain_id, id);
+--
+2.21.3
+
diff --git a/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch b/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
deleted file mode 100644
index d470f4e..0000000
--- a/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 007d5b79b7aef67dd843ed9a3b65095faaeb580f Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik <lslebodn@redhat.com>
-Date: Wed, 22 Jan 2020 09:43:21 +0000
-Subject: [PATCH] BE_REFRESH: Do not try to refresh domains from other backends
-
-We cannot refresh domains from different sssd_be processes.
-We can refresh just subdomains
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4142
-
-Merges: https://pagure.io/SSSD/sssd/pull-request/4139
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/providers/be_refresh.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c
-index 6cce38390..5e43571ce 100644
---- a/src/providers/be_refresh.c
-+++ b/src/providers/be_refresh.c
-@@ -385,6 +385,10 @@ static errno_t be_refresh_step(struct tevent_req *req)
- if (state->index == BE_REFRESH_TYPE_SENTINEL) {
- state->domain = get_next_domain(state->domain,
- SSS_GND_DESCEND);
-+ /* we can update just subdomains */
-+ if (state->domain != NULL && !IS_SUBDOMAIN(state->domain)) {
-+ break;
-+ }
- state->index = 0;
- continue;
- }
---
-2.20.1
-
diff --git a/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch b/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
new file mode 100644
index 0000000..5674c81
--- /dev/null
+++ b/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
@@ -0,0 +1,334 @@
+From d3089173dd8be85a83cf0236e116ba8e11326a6d Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 16:51:02 +0200
+Subject: [PATCH 14/19] ad: rename ad_master_domain_* to ad_domain_info_*
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The ad_master_domain_{send|recv} are not specific to the master domain
+so a more generic name seems to be suitable.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_domain_info.c | 64 +++++++++++++++----------------
+ src/providers/ad/ad_domain_info.h | 10 ++---
+ src/providers/ad/ad_gpo.c | 8 ++--
+ src/providers/ad/ad_id.c | 14 +++----
+ src/providers/ad/ad_resolver.c | 8 ++--
+ src/providers/ad/ad_subdomains.c | 8 ++--
+ 6 files changed, 56 insertions(+), 56 deletions(-)
+
+diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
+index 5302c8083..52b2e2442 100644
+--- a/src/providers/ad/ad_domain_info.c
++++ b/src/providers/ad/ad_domain_info.c
+@@ -175,7 +175,7 @@ done:
+ return ret;
+ }
+
+-struct ad_master_domain_state {
++struct ad_domain_info_state {
+ struct tevent_context *ev;
+ struct sdap_id_conn_ctx *conn;
+ struct sdap_id_op *id_op;
+@@ -191,22 +191,22 @@ struct ad_master_domain_state {
+ char *sid;
+ };
+
+-static errno_t ad_master_domain_next(struct tevent_req *req);
+-static void ad_master_domain_next_done(struct tevent_req *subreq);
+-static void ad_master_domain_netlogon_done(struct tevent_req *req);
++static errno_t ad_domain_info_next(struct tevent_req *req);
++static void ad_domain_info_next_done(struct tevent_req *subreq);
++static void ad_domain_info_netlogon_done(struct tevent_req *req);
+
+ struct tevent_req *
+-ad_master_domain_send(TALLOC_CTX *mem_ctx,
+- struct tevent_context *ev,
+- struct sdap_id_conn_ctx *conn,
+- struct sdap_id_op *op,
+- const char *dom_name)
++ad_domain_info_send(TALLOC_CTX *mem_ctx,
++ struct tevent_context *ev,
++ struct sdap_id_conn_ctx *conn,
++ struct sdap_id_op *op,
++ const char *dom_name)
+ {
+ errno_t ret;
+ struct tevent_req *req;
+- struct ad_master_domain_state *state;
++ struct ad_domain_info_state *state;
+
+- req = tevent_req_create(mem_ctx, &state, struct ad_master_domain_state);
++ req = tevent_req_create(mem_ctx, &state, struct ad_domain_info_state);
+ if (!req) return NULL;
+
+ state->ev = ev;
+@@ -216,7 +216,7 @@ ad_master_domain_send(TALLOC_CTX *mem_ctx,
+ state->opts = conn->id_ctx->opts;
+ state->dom_name = dom_name;
+
+- ret = ad_master_domain_next(req);
++ ret = ad_domain_info_next(req);
+ if (ret != EOK && ret != EAGAIN) {
+ goto immediate;
+ }
+@@ -234,14 +234,14 @@ immediate:
+ }
+
+ static errno_t
+-ad_master_domain_next(struct tevent_req *req)
++ad_domain_info_next(struct tevent_req *req)
+ {
+ struct tevent_req *subreq;
+ struct sdap_search_base *base;
+ const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
+
+- struct ad_master_domain_state *state =
+- tevent_req_data(req, struct ad_master_domain_state);
++ struct ad_domain_info_state *state =
++ tevent_req_data(req, struct ad_domain_info_state);
+
+ base = state->opts->sdom->search_bases[state->base_iter];
+ if (base == NULL) {
+@@ -261,13 +261,13 @@ ad_master_domain_next(struct tevent_req *req)
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
+ return ENOMEM;
+ }
+- tevent_req_set_callback(subreq, ad_master_domain_next_done, req);
++ tevent_req_set_callback(subreq, ad_domain_info_next_done, req);
+
+ return EAGAIN;
+ }
+
+ static void
+-ad_master_domain_next_done(struct tevent_req *subreq)
++ad_domain_info_next_done(struct tevent_req *subreq)
+ {
+ errno_t ret;
+ size_t reply_count;
+@@ -281,8 +281,8 @@ ad_master_domain_next_done(struct tevent_req *subreq)
+
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+- struct ad_master_domain_state *state =
+- tevent_req_data(req, struct ad_master_domain_state);
++ struct ad_domain_info_state *state =
++ tevent_req_data(req, struct ad_domain_info_state);
+
+ ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
+ talloc_zfree(subreq);
+@@ -293,7 +293,7 @@ ad_master_domain_next_done(struct tevent_req *subreq)
+
+ if (reply_count == 0) {
+ state->base_iter++;
+- ret = ad_master_domain_next(req);
++ ret = ad_domain_info_next(req);
+ if (ret == EAGAIN) {
+ /* Async request will get us back here again */
+ return;
+@@ -362,7 +362,7 @@ ad_master_domain_next_done(struct tevent_req *subreq)
+ goto done;
+ }
+
+- tevent_req_set_callback(subreq, ad_master_domain_netlogon_done, req);
++ tevent_req_set_callback(subreq, ad_domain_info_netlogon_done, req);
+ return;
+
+ done:
+@@ -370,7 +370,7 @@ done:
+ }
+
+ static void
+-ad_master_domain_netlogon_done(struct tevent_req *subreq)
++ad_domain_info_netlogon_done(struct tevent_req *subreq)
+ {
+ int ret;
+ size_t reply_count;
+@@ -378,8 +378,8 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
+
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+- struct ad_master_domain_state *state =
+- tevent_req_data(req, struct ad_master_domain_state);
++ struct ad_domain_info_state *state =
++ tevent_req_data(req, struct ad_domain_info_state);
+
+ ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
+ talloc_zfree(subreq);
+@@ -422,15 +422,15 @@ done:
+ }
+
+ errno_t
+-ad_master_domain_recv(struct tevent_req *req,
+- TALLOC_CTX *mem_ctx,
+- char **_flat,
+- char **_id,
+- char **_site,
+- char **_forest)
++ad_domain_info_recv(struct tevent_req *req,
++ TALLOC_CTX *mem_ctx,
++ char **_flat,
++ char **_id,
++ char **_site,
++ char **_forest)
+ {
+- struct ad_master_domain_state *state = tevent_req_data(req,
+- struct ad_master_domain_state);
++ struct ad_domain_info_state *state = tevent_req_data(req,
++ struct ad_domain_info_state);
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
+index b96e8a3c3..631e543f5 100644
+--- a/src/providers/ad/ad_domain_info.h
++++ b/src/providers/ad/ad_domain_info.h
+@@ -22,22 +22,22 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+-#ifndef _AD_MASTER_DOMAIN_H_
+-#define _AD_MASTER_DOMAIN_H_
++#ifndef _AD_DOMAIN_INFO_H_
++#define _AD_DOMAIN_INFO_H_
+
+ struct tevent_req *
+-ad_master_domain_send(TALLOC_CTX *mem_ctx,
++ad_domain_info_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct sdap_id_conn_ctx *conn,
+ struct sdap_id_op *op,
+ const char *dom_name);
+
+ errno_t
+-ad_master_domain_recv(struct tevent_req *req,
++ad_domain_info_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ char **_flat,
+ char **_id,
+ char **_site,
+ char **_forest);
+
+-#endif /* _AD_MASTER_DOMAIN_H_ */
++#endif /* _AD_DOMAIN_INFO_H_ */
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index 1524c4bfc..53560a754 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -3151,11 +3151,11 @@ ad_gpo_process_som_send(TALLOC_CTX *mem_ctx,
+ goto immediately;
+ }
+
+- subreq = ad_master_domain_send(state, state->ev, conn,
+- state->sdap_op, domain_name);
++ subreq = ad_domain_info_send(state, state->ev, conn,
++ state->sdap_op, domain_name);
+
+ if (subreq == NULL) {
+- DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
++ DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
+ ret = ENOMEM;
+ goto immediately;
+ }
+@@ -3188,7 +3188,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
+ state = tevent_req_data(req, struct ad_gpo_process_som_state);
+
+ /* gpo code only cares about the site name */
+- ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL);
++ ret = ad_domain_info_recv(subreq, state, NULL, NULL, &site, NULL);
+ talloc_zfree(subreq);
+
+ if (ret != EOK || site == NULL) {
+diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
+index 84e5c42ac..ca6486e03 100644
+--- a/src/providers/ad/ad_id.c
++++ b/src/providers/ad/ad_id.c
+@@ -663,12 +663,12 @@ ad_enumeration_conn_done(struct tevent_req *subreq)
+ return;
+ }
+
+- subreq = ad_master_domain_send(state, state->ev,
+- state->id_ctx->ldap_ctx,
+- state->sdap_op,
+- state->sdom->dom->name);
++ subreq = ad_domain_info_send(state, state->ev,
++ state->id_ctx->ldap_ctx,
++ state->sdap_op,
++ state->sdom->dom->name);
+ if (subreq == NULL) {
+- DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
++ DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
+ tevent_req_error(req, ret);
+ return;
+ }
+@@ -687,8 +687,8 @@ ad_enumeration_master_done(struct tevent_req *subreq)
+ char *master_sid;
+ char *forest;
+
+- ret = ad_master_domain_recv(subreq, state,
+- &flat_name, &master_sid, NULL, &forest);
++ ret = ad_domain_info_recv(subreq, state,
++ &flat_name, &master_sid, NULL, &forest);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
+diff --git a/src/providers/ad/ad_resolver.c b/src/providers/ad/ad_resolver.c
+index b58f08ecf..c87706094 100644
+--- a/src/providers/ad/ad_resolver.c
++++ b/src/providers/ad/ad_resolver.c
+@@ -317,10 +317,10 @@ ad_resolver_enumeration_conn_done(struct tevent_req *subreq)
+ return;
+ }
+
+- subreq = ad_master_domain_send(state, state->ev, id_ctx->conn,
+- state->sdap_op, state->sdom->dom->name);
++ subreq = ad_domain_info_send(state, state->ev, id_ctx->conn,
++ state->sdap_op, state->sdom->dom->name);
+ if (subreq == NULL) {
+- DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
++ DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
+ tevent_req_error(req, ret);
+ return;
+ }
+@@ -346,7 +346,7 @@ ad_resolver_enumeration_master_done(struct tevent_req *subreq)
+ char *forest;
+ struct ad_id_ctx *ad_id_ctx;
+
+- ret = ad_master_domain_recv(subreq, state,
++ ret = ad_domain_info_recv(subreq, state,
+ &flat_name, &master_sid, NULL, &forest);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 06fbdb0ef..c53962283 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -1756,8 +1756,8 @@ static void ad_subdomains_refresh_connect_done(struct tevent_req *subreq)
+ }
+
+ /* connect to the DC we are a member of */
+- subreq = ad_master_domain_send(state, state->ev, state->id_ctx->conn,
+- state->sdap_op, state->sd_ctx->domain_name);
++ subreq = ad_domain_info_send(state, state->ev, state->id_ctx->conn,
++ state->sdap_op, state->sd_ctx->domain_name);
+ if (subreq == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+@@ -1779,8 +1779,8 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct ad_subdomains_refresh_state);
+
+- ret = ad_master_domain_recv(subreq, state, &flat_name, &master_sid,
+- NULL, &state->forest);
++ ret = ad_domain_info_recv(subreq, state, &flat_name, &master_sid,
++ NULL, &state->forest);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain information "
+--
+2.21.3
+
diff --git a/SOURCES/0015-sysdb-make-new_subdomain-public.patch b/SOURCES/0015-sysdb-make-new_subdomain-public.patch
new file mode 100644
index 0000000..1c3a146
--- /dev/null
+++ b/SOURCES/0015-sysdb-make-new_subdomain-public.patch
@@ -0,0 +1,117 @@
+From 9aa26f6514220bae3b3314f830e3e3f95fab2cf9 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 21:18:13 +0200
+Subject: [PATCH 15/19] sysdb: make new_subdomain() public
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/db/sysdb.h | 18 ++++++++++++++++++
+ src/db/sysdb_private.h | 19 -------------------
+ src/tests/cmocka/test_negcache.c | 1 -
+ src/tests/cmocka/test_nss_srv.c | 1 -
+ src/tests/cmocka/test_responder_cache_req.c | 1 -
+ 5 files changed, 18 insertions(+), 22 deletions(-)
+
+diff --git a/src/db/sysdb.h b/src/db/sysdb.h
+index 64e546f5b..e4ed10b54 100644
+--- a/src/db/sysdb.h
++++ b/src/db/sysdb.h
+@@ -562,6 +562,24 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
+ errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
+ const char *name);
+
++/* The utility function to create a subdomain sss_domain_info object is handy
++ * for unit tests, so it should be available in a headerr.
++ */
++struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
++ struct sss_domain_info *parent,
++ const char *name,
++ const char *realm,
++ const char *flat_name,
++ const char *id,
++ enum sss_domain_mpg_mode mpg_mode,
++ bool enumerate,
++ const char *forest,
++ const char **upn_suffixes,
++ uint32_t trust_direction,
++ struct confdb_ctx *confdb,
++ bool enabled);
++
++
+ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ size_t *range_count,
+ struct range_info ***range_list);
+diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
+index 3302919a6..70fe3fa18 100644
+--- a/src/db/sysdb_private.h
++++ b/src/db/sysdb_private.h
+@@ -196,25 +196,6 @@ int sysdb_replace_ulong(struct ldb_message *msg,
+ int sysdb_delete_ulong(struct ldb_message *msg,
+ const char *attr, unsigned long value);
+
+-/* The utility function to create a subdomain sss_domain_info object is handy
+- * for unit tests, so it should be available in a header, but not a public util
+- * one, because the only interface for the daemon itself should be adding
+- * the sysdb domain object and calling sysdb_update_subdomains()
+- */
+-struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
+- struct sss_domain_info *parent,
+- const char *name,
+- const char *realm,
+- const char *flat_name,
+- const char *id,
+- enum sss_domain_mpg_mode mpg_mode,
+- bool enumerate,
+- const char *forest,
+- const char **upn_suffixes,
+- uint32_t trust_direction,
+- struct confdb_ctx *confdb,
+- bool enabled);
+-
+ /* Helper functions to deal with the timestamp cache should not be used
+ * outside the sysdb itself. The timestamp cache should be completely
+ * opaque to the sysdb consumers
+diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
+index 3ed1cb14a..b3a379227 100644
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -38,7 +38,6 @@
+ #include "util/util_sss_idmap.h"
+ #include "lib/idmap/sss_idmap.h"
+ #include "util/util.h"
+-#include "db/sysdb_private.h"
+ #include "responder/common/responder.h"
+ #include "responder/common/negcache.h"
+
+diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
+index 3cd7809cf..99ba02a80 100644
+--- a/src/tests/cmocka/test_nss_srv.c
++++ b/src/tests/cmocka/test_nss_srv.c
+@@ -36,7 +36,6 @@
+ #include "util/crypto/sss_crypto.h"
+ #include "util/crypto/nss/nss_util.h"
+ #include "util/sss_endian.h"
+-#include "db/sysdb_private.h" /* new_subdomain() */
+ #include "db/sysdb_iphosts.h"
+ #include "db/sysdb_ipnetworks.h"
+
+diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
+index 2611c589b..68a651240 100644
+--- a/src/tests/cmocka/test_responder_cache_req.c
++++ b/src/tests/cmocka/test_responder_cache_req.c
+@@ -27,7 +27,6 @@
+ #include "tests/cmocka/common_mock_resp.h"
+ #include "db/sysdb.h"
+ #include "responder/common/cache_req/cache_req.h"
+-#include "db/sysdb_private.h" /* new_subdomain() */
+
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+ #define TEST_CONF_DB "test_responder_cache_req_conf.ldb"
+--
+2.21.3
+
diff --git a/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch b/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
deleted file mode 100644
index 54eb096..0000000
--- a/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 9ba6f33ee78e1c15847f11b8f75f8a8413034875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= <ppolawsk@redhat.com>
-Date: Tue, 3 Dec 2019 04:13:53 +0100
-Subject: [PATCH] sysdb_sudo: Enable LDAP time format compatibility
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-LDAP specification allows to ommit seconds and minutes
-in time border definition. In that case they defaults to zeros.
-Current sssd.sudo implementation requires precision up to
-seconds in time definition. This commit allows to lower
-the precision up to hours.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4118
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/db/sysdb_sudo.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
-index 59d6824c0..18088b017 100644
---- a/src/db/sysdb_sudo.c
-+++ b/src/db/sysdb_sudo.c
-@@ -55,6 +55,22 @@ static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time)
- "%Y%m%d%H%M%S.0%z",
- "%Y%m%d%H%M%S,0Z",
- "%Y%m%d%H%M%S,0%z",
-+ /* LDAP specification says that minutes and seconds
-+ might be omitted and in that case these are meant
-+ to be treated as zeros [1].
-+ */
-+ "%Y%m%d%H%MZ", /* Discard seconds */
-+ "%Y%m%d%H%M%z",
-+ "%Y%m%d%H%M.0Z",
-+ "%Y%m%d%H%M.0%z",
-+ "%Y%m%d%H%M,0Z",
-+ "%Y%m%d%H%M,0%z",
-+ "%Y%m%d%HZ", /* Discard minutes and seconds*/
-+ "%Y%m%d%H%z",
-+ "%Y%m%d%H.0Z",
-+ "%Y%m%d%H.0%z",
-+ "%Y%m%d%H,0Z",
-+ "%Y%m%d%H,0%z",
- NULL};
-
- for (format = formats; *format != NULL; format++) {
---
-2.20.1
-
diff --git a/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch b/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
new file mode 100644
index 0000000..a71043c
--- /dev/null
+++ b/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
@@ -0,0 +1,89 @@
+From 2bad4d4b299440d33919a9fdb8c4d75814583e12 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 21:24:42 +0200
+Subject: [PATCH 16/19] ad: rename ads_get_root_id_ctx() to ads_get_dom_id_ctx
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since the function can be used to get the id ctx of any domain the
+'root' is removed from the name.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index c53962283..a9a552ff7 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -1231,37 +1231,37 @@ static errno_t ad_get_slave_domain_recv(struct tevent_req *req)
+ }
+
+ static struct ad_id_ctx *
+-ads_get_root_id_ctx(struct be_ctx *be_ctx,
+- struct ad_id_ctx *ad_id_ctx,
+- struct sss_domain_info *root_domain,
+- struct sdap_options *opts)
++ads_get_dom_id_ctx(struct be_ctx *be_ctx,
++ struct ad_id_ctx *ad_id_ctx,
++ struct sss_domain_info *domain,
++ struct sdap_options *opts)
+ {
+ errno_t ret;
+ struct sdap_domain *sdom;
+- struct ad_id_ctx *root_id_ctx;
++ struct ad_id_ctx *dom_id_ctx;
+
+- sdom = sdap_domain_get(opts, root_domain);
++ sdom = sdap_domain_get(opts, domain);
+ if (sdom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+- "Cannot get the sdom for %s!\n", root_domain->name);
++ "Cannot get the sdom for %s!\n", domain->name);
+ return NULL;
+ }
+
+ if (sdom->pvt == NULL) {
+- ret = ad_subdom_ad_ctx_new(be_ctx, ad_id_ctx, root_domain,
+- &root_id_ctx);
++ ret = ad_subdom_ad_ctx_new(be_ctx, ad_id_ctx, domain,
++ &dom_id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "ad_subdom_ad_ctx_new failed.\n");
+ return NULL;
+ }
+
+- sdom->pvt = root_id_ctx;
++ sdom->pvt = dom_id_ctx;
+ } else {
+- root_id_ctx = sdom->pvt;
++ dom_id_ctx = sdom->pvt;
+ }
+
+- root_id_ctx->ldap_ctx->ignore_mark_offline = true;
+- return root_id_ctx;
++ dom_id_ctx->ldap_ctx->ignore_mark_offline = true;
++ return dom_id_ctx;
+ }
+
+ struct ad_get_root_domain_state {
+@@ -1403,9 +1403,9 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+ goto done;
+ }
+
+- state->root_id_ctx = ads_get_root_id_ctx(state->be_ctx,
+- state->sd_ctx->ad_id_ctx,
+- root_domain, state->opts);
++ state->root_id_ctx = ads_get_dom_id_ctx(state->be_ctx,
++ state->sd_ctx->ad_id_ctx,
++ root_domain, state->opts);
+ if (state->root_id_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot create id ctx for the root domain\n");
+ ret = EFAULT;
+--
+2.21.3
+
diff --git a/SOURCES/0016-zanata-Pulled-new-translations.patch b/SOURCES/0016-zanata-Pulled-new-translations.patch
deleted file mode 100644
index 34285fa..0000000
--- a/SOURCES/0016-zanata-Pulled-new-translations.patch
+++ /dev/null
@@ -1,65451 +0,0 @@
-From 9b5ad094419a8b557477f52d9f59653a30e36aac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
-Date: Wed, 12 Feb 2020 23:32:46 +0100
-Subject: [PATCH] zanata: Pulled new translations
-
----
- po/bg.po | 377 +++++++------
- po/ca.po | 377 +++++++------
- po/de.po | 377 +++++++------
- po/es.po | 395 ++++++-------
- po/eu.po | 376 +++++++------
- po/fr.po | 785 ++++++++++++++------------
- po/hu.po | 376 +++++++------
- po/id.po | 377 +++++++------
- po/it.po | 377 +++++++------
- po/ja.po | 503 +++++++++--------
- po/nb.po | 376 +++++++------
- po/nl.po | 377 +++++++------
- po/pl.po | 411 +++++++-------
- po/pt.po | 377 +++++++------
- po/pt_BR.po | 376 +++++++------
- po/ru.po | 377 +++++++------
- po/sssd.pot | 376 +++++++------
- po/sv.po | 395 ++++++-------
- po/tg.po | 376 +++++++------
- po/tr.po | 376 +++++++------
- po/uk.po | 414 +++++++-------
- po/zh_CN.po | 376 +++++++------
- po/zh_TW.po | 377 +++++++------
- src/man/po/br.po | 576 ++++++++++---------
- src/man/po/ca.po | 720 +++++++++++-------------
- src/man/po/cs.po | 604 ++++++++++----------
- src/man/po/de.po | 754 +++++++++++--------------
- src/man/po/es.po | 869 ++++++++++++++---------------
- src/man/po/eu.po | 560 ++++++++++---------
- src/man/po/fi.po | 590 ++++++++++----------
- src/man/po/fr.po | 740 +++++++++++--------------
- src/man/po/ja.po | 687 +++++++++++------------
- src/man/po/lv.po | 580 ++++++++++---------
- src/man/po/nl.po | 606 ++++++++++----------
- src/man/po/pt.po | 613 ++++++++++----------
- src/man/po/pt_BR.po | 560 ++++++++++---------
- src/man/po/ru.po | 577 ++++++++++---------
- src/man/po/sssd-docs.pot | 538 ++++++++++--------
- src/man/po/sv.po | 948 ++++++++++++-------------------
- src/man/po/tg.po | 572 ++++++++++---------
- src/man/po/uk.po | 1137 ++++++++++++++++++--------------------
- src/man/po/zh_CN.po | 576 ++++++++++---------
- 42 files changed, 11116 insertions(+), 10995 deletions(-)
-
-diff --git a/po/bg.po b/po/bg.po
-index 831ee28b8..fe9b87e90 100644
---- a/po/bg.po
-+++ b/po/bg.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:44+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -699,7 +699,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP филтър за определяне права на достъп"
-
-@@ -770,737 +770,746 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Адрес на Kerberos сървър"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos област"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Директория за съхранение на кеша за данни за удостоверяване"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Местоположение на кеша за данни за удостоверяване на потребители"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Местоположение на keytab за валидиране на данните за удостоверяване"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Разреши проверката на данните за удостоверяване"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Записва паролата ако е офлайн за по-късно удостоверяване"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI на LDAP сървъра"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Базовият DN по подразбиране"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Използваният тип схема на LDAP сървъра, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Подразбиращият се bind DN"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Продължителност на опитите за свързване"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Продължителност на опитите за синхронни LDAP операции"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Продължителност на времето между опитите за връзка докато е офлайн"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Файл, съдържащ CA сертификати"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Път до директорията на CA сертификат"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Изисква TLS проверка на сертификат"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Задава за използване механизма sasl"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Задаване на sasl authorization id за употреба"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Задаване на sasl authorization id за употреба"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "keytab на Kerberos услуга"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Ползвай Kerberos auth за LDAP връзка"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Следвай LDAP референциите"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Продължителност на живот на TGT за LDAP връзка"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Продължителност на време за изчакване на заявка за търсене"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Продължителност на време между актуализации на изброяване"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Изисква TLS за ИД справките"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "атрибут Потребителско име"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "атрибут UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "атрибут Първичен GID"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "атрибут GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "атрибут Домашна директория"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "атрибут Команден интерпретатор"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "атрибут User principal (за Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Пълно име"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "атрибут членНа"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "атрибут Момент на промяна"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Политика за определяне срок на валидност на парола"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Списък разрешени потребители, разделени със запетая"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Списък забранени потребители, разделени със запетая"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Подразбиращ се команден интерпретатор, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Място за домашните директории"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/ca.po b/po/ca.po
-index c0127b109..a7a8f9b34 100644
---- a/po/ca.po
-+++ b/po/ca.po
-@@ -14,7 +14,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2017-10-15 03:02+0000\n"
- "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
- "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
-@@ -767,7 +767,7 @@ msgid "Active Directory client hostname"
- msgstr "Nom d'amfitrió del client d'Active Directory"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtre LDAP per determinar els privilegis d'accés"
-
-@@ -855,217 +855,226 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adreça del servidor Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adreça del servidor Kerberos de reserva"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Reialme Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Temps d'expiració de l'autenticació"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Si es creen els fitxers kdcinfo"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Si es rebutgen les parts de la configuració del krb5"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directori per emmagatzemar la memòria cau de les credencials"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Ubicació de la memòria cau de les credencials de l'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Ubicació de la clau per validar les credencials"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Habilita la validació de credencials"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació "
- "posterior amb connexió"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Temps de vida renovable del TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Temps de vida del TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Temps entre les dues comprovacions per a la renovació"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Habilita FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Selecciona el principal per utilitzar amb FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Habilita la canonització del principal"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Habilita els principals empresarials"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Servidor on es troba el servei de canvi de contrasenya si no està al KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, L'URI del servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, L'URI del servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "El DN base per defecte"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "El DN de creació del vincle per defecte"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- "El tipus del testimoni d'autenticació del DN de creació del vincle per "
- "defecte"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Període de temps per intentar una connexió"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Període de temps per intentar operacions LDAP asíncrones"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Període de temps entre els intents per tornar a connectar mentre s'està "
- "desconnectat"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Utilitza només majúscules pels noms de reialme"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Fitxer que conté els certificats de l'AC"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Camí al directori del certificat de l'AC"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fitxer que conté el certificat de client"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fitxer que conté la clau de client"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Llista de paquets de xifrat possibles"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Requereix verificació de certificat TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Especifica el mecanisme SASL a utilitzar"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Especifica l'id. d'autorització SASL a utilitzar"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Especifica el reialme d'autorització SASL a utilitzar"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Taula de claus del servei del Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Segueix les referències LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Temps de vida del TGT per la connexió LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Com desreferenciar els àlies"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nom del servei per a la recerca del servei del DNS"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "El nombre de registres a recuperar en una sola consulta LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "El nombre de membres que han de faltar per activar una de-referència completa"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1073,384 +1082,384 @@ msgstr ""
- "Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar "
- "el nom d'amfitrió durant la creació del vincle SASL"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "L'atribut entryUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "L'atribut lastUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Quant de temps s'ha de retenir una connexió al servidor LDAP abans de "
- "desconnectar"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Inhabilita el control de paginació LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Inhabilita la recuperació de l'interval de l'Active Directory"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Període de temps per esperar una petició de cerca"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Període de temps per esperar una petició d'enumeració"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Període de temps entre les actualitzacions de les enumeracions"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Període de temps entre les neteges de la memòria cau"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Requereix TLS per a la recerca d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "DN base per a la recerca de l'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Abast de la recerca de l'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtre per a la recerca de l'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass per als usuaris"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "L'atribut nom d'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "L'atribut UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "L'atribut GID primari"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "L'atribut GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "L'atribut directori inicial"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "L'atribut shell"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "L'atribut UUID"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "L'atribut objectSID"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "L'atribut usuari principal (per a Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nom complet"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "L'atribut memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "L'atribut data de modificació"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "L'atribut shadowLastChange"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "L'atribut shadowMin"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "L'atribut shadowMax"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "L'atribut shadowWarning"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "L'atribut shadowInactive"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "L'atribut shadowExpire"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "L'atribut shadowFlag"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "L'atribut que llista els serveis PAM autoritzats"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "L'atribut que llista els amfitrions dels servidors autoritzats"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "L'atribut krbLastPwdChange"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "L'atribut krbPasswordExpiration"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "L'atribut que indica l'activació de les polítiques de contrasenya de servidor"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "L'atribut accountExpires de l'AD"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "L'atribut userAccountControl de l'AD"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "L'atribut nsAccountLock"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "L'atribut loginDisabled del NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "L'atribut loginExpirationTime del NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "L'atribut loginAllowedTimeMap del NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "L'atribut clau pública SSH"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "atribut que conté el certificat X509 de l'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Una llista dels atributs extres per baixar juntament amb l'entrada de "
- "l'usuari"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "DN base per a la recerca del grup"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "L'objectclass per als grups"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nom del grup"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Contrasenya del grup"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "L'atribut GID"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "L'atribut membre del grup"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "L'atribut UUID del grup"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "L'atribut data de modificació per als grups"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Tipus del grup i altres senyals"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "DN base per a la recerca del grup de xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "L'objectclass per als grups de xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nom de grup de xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "L'atribut membres del grup de xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "L'atribut triple del grup de xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "L'atribut data de modificació per als grups de xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "DN base per a la recerca del servei"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objectclass per als serveis"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "L'atribut nom del servei"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "L'atribut port del servei"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "L'atribut protocol del servei"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Límit inferior per a l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Límit superior per a l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Nombres d'id. per cada porció en l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nom del domini per defecte per a l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID del domini per defecte per a l'assignació d'id."
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Si s'utilitzen els grups amb testimonis"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Estableix el límit superior per als id. permesos del servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN per a les consultes ppolicy"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Política per avaluar el venciment de la contrasenya"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1458,23 +1467,23 @@ msgstr ""
- "Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de "
- "contrasenya"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "DN base per a la recerca de les regles sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Període d'actualització automàtica completa"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Període d'actualització automàtica intel·ligent"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1482,143 +1491,143 @@ msgstr ""
- "Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina "
- "per filtrar les regles de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de "
- "l'amfitrió"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Si s'inclouen les regles que contenen expressions regulars a l'atribut de "
- "l'amfitrió"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objectclass de les regles sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Nom de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Attribut command de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "L'atribut host de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "L'atribut user de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "L'atribut option de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "L'atribut runas de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "L'atribut runasuser de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "L'atribut runasgroup de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "L'atribut notbefore de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "L'atribut notafter de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "L'atribut order de la regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- "Objectclass per a les entrades de les assignacions de l'eina de muntatge "
- "automàtic"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- "L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- "L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- "DN base per a la recerca de l'assignació de l'eina de muntatge automàtic"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Llista separada per comes dels usuaris autoritzats"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Llista separada per comes dels usuaris no autoritzats"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "El shell predeterminat, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base per als directoris inicials"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "El nom de la biblioteca NSS a utilitzar"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Si se cerca el nom del grup canònic des de la memòria cau, si és possible"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Pila PAM a utilitzar"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/de.po b/po/de.po
-index 644ede9bf..fc3fecde5 100644
---- a/po/de.po
-+++ b/po/de.po
-@@ -10,7 +10,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:45+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
-@@ -754,7 +754,7 @@ msgid "Active Directory client hostname"
- msgstr "Hostname des Active-Directory-Clients"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP-Filter zum Bestimmen der Zugriffsprivilegien"
-
-@@ -825,213 +825,222 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos-Serveradresse"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adresse des Ersatz-Kerberos-Servers"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-Realm"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Zeitüberschreitung bei Authentifizierung"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Gibt an, ob kdcinfo-Dateien angelegt werden"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Verzeichnis zum Speichern der Anmeldedaten"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Ort des Zwischenspeichers für die Anmeldedaten des Benutzers"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Ort der Schlüsseltabelle zum Überprüfen von Anmeldedaten"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Validierung der Anmeldedaten aktivieren"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Passwort im Offline-Modus für spätere Online-Anmeldung speichern"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Erneuerung der Lebensdauer des TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Lebensdauer des TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Zeitspanne zwischen zwei Prüfungen, ob Erneuerung nötig ist"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Aktiviert FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Wählt den für FAST zu verwendenden Principal aus"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Aktiviert Kanonisierung des Principals"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Enterprise-Principals aktivieren"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Server, auf dem der Dienst zum Ändern des Passworts läuft, falls nicht KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, die URI des LDAP-Servers"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, die URI des LDAP-Servers"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Vorgegebene Basis-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Der vom LDAP-Server verwendete Schema-Typ gemäß RFC2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Vorgegebene Bind-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Typ des Authentifizierungs-Tokens der vorgegebenen Bind-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Authentifizierungs-Token für die vorgegebene Bind-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Zeitspanne für einen Verbindungsversuch"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Zeitspanne für Versuche zur Ausführung synchroner LDAP-Vorgänge"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Zeitspanne zwischen Versuchen zum erneuten Verbindungsaufbau im Offline-Modus"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Nur Großschreibung für Realm-Namen verwenden"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Datei, die CA-Zertifikate enthält"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Pfad zum CA-Zertifikatverzeichnis"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Datei, die das Client-Zertifikat enthält"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Datei, die den Client-Schlüssel enthält"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Liste der möglichen Verschlüsselungs-Suites"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "TLS-Zertifikatüberprüfung erforderlich machen"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Zu verwendenden sasl-Mechanismus angeben"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Zu verwendende ID für sasl-Authentifizierung angeben"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Zu verwendenden Realm für sasl-Authentifizierung angeben"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Schlüsseltabelle des Kerberos-Dienstes"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Kerberos-Authentifizierung für LDAP-Verbindung verwenden"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "LDAP-Verweisen folgen"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Lebensdauer von TGT für LDAP-Verbindung"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Dereferenzierung von Aliasen"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Dienstname für DNS-Service-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Anzahl der in einer einzelnen LDAP-Abfrage zu holenden Datensätze"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Anzahl der Elemente, die fehlen müssen, um eine vollständige "
- "Dereferenzierung auszulösen"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1039,383 +1048,383 @@ msgstr ""
- "Gibt an, ob die LDAP-Bibliothek eine Rückwärtssuche ausführen soll, um den "
- "Rechnernamen während einer SASL-Bindung zu kanonisieren"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Zeitspanne zum Halten einer Verbindung zum LDAP-Server, bis diese "
- "unterbrochen wird"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "LDAP-Paging-Steuerung deaktivieren"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Bereichsermittlung für Active Directory deaktivieren"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Zeitspanne zum Warten auf eine Suchanfrage"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Zeitspanne zum Warten auf eine Auflistungsanfrage"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Zeitspanne zwischen Auflistungsanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Zeitspanne zwischen den Leerungen des Zwischenspeichers"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "TLS für ID-Suchvorgänge erforderlich machen"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "ID-Zuweisung von objectSID anstelle von voreingestellten IDs verwenden"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Basis-DN für Benutzer-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Bereich für Benutzer-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter für Benutzer-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objektklasse für Benutzer"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Benutzername-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Primäres GID-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Home-Verzeichnis-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Shell-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID -Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Active-Directory-Primärgruppen-Attribut für ID-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Principal-Attribut verwenden (für Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Vollständiger Name"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Änderungszeit-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribut, welches die autorisierten PAM-Dienste auflistet"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Attribut, welches die autorisierten Server-Hosts auflistet"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "Attribut, welches angibt, dass die serverseitigen Passwortregeln aktiv sind"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "accountExpires-Attribut von AD"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "userAccountControl-Attribut von AD"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "loginDisabled-Attribut von NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "loginExpirationTime-Attribut von NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "loginAllowedTimeMap-Attribut von NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Attribut für öffentlichen SSH-Schlüssel"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Eine Liste der zusätzlich herunterzuladender Attribute zusammen mit dem "
- "Benutzereintrag"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Basis-DN für Gruppen-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Objektklasse für Gruppen"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Gruppenname"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Gruppenpasswort"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Gruppen-ID-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Gruppen-Mitgliedschafts-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Änderungszeit-Attribut für Gruppen"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Typ der Gruppe und weitere Flags"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Basis-DN für Netzgruppen-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Objektklasse für Netzgruppen"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Netzgruppenname"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Netzgruppen-Mitglieder-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Netzgruppen-Tripel-Attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Änderungszeit-Attribut für Netzgruppen"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Basis-DN für Dienste-Suchanfragen"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objektklasse für Dienste"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Name-Attribut des Dienstes"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Port-Attribut des Dienstes"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Protokoll-Attribut des Dienstes"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Untere Grenze für ID-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Obere Grenze für ID-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Anzahl der IDs für jeden Teil bei der ID-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "autorid-kompatiblen Algorithmus für ID-Zuweisung verwenden"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Name der Vorgabe-Domain für ID-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID der Vorgabedomain für ID-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Verwendung von Token-Gruppen"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Untere Grenze für zulässige IDs des LDAP-Servers angeben"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Obere Grenze für zulässige IDs des LDAP-Servers angeben"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Regel zum Ermitteln der Ablaufzeit des Passworts"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Attribute, die bei der Ermittlung verwendet werden, ob ein Konto abgelaufen "
- "ist"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Regeln für die Ermittlung der Zugriffskontrolle"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI eines LDAP-Servers, wo Passwortänderungen zulässig sind"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "URI eines Ersatz-LDAP-Servers, wo Passwortänderungen zulässig sind"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "DNS-Dienstname für den LDAP-Passwortänderungsserver"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1423,25 +1432,25 @@ msgstr ""
- "Gibt an, ob das Attribut ldap_user_shadow_last_change nach einer "
- "Passwortänderung aktualisiert werden soll"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Basis-DN für Suchanfragen nach Sudo-Regeln"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Periode für automatische vollständige Aktualisierung"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Periode für bedingte vollständige Aktualisierung"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Gibt an, ob Regeln nach Hostnamen, IP-Adressen oder Netzwerken gefiltert "
- "werden sollen"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1449,140 +1458,140 @@ msgstr ""
- "Hostnamen und/oder voll ausgeschriebene Domain-Namen dieses Rechners zum "
- "Filtern von Sudo-Regeln"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "IPv4- oder IPv6-Adressen oder Netzwerk dieses Rechners zum Filtern von sudo-"
- "Regeln"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die "
- "Netzgruppen enthalten"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die reguläre "
- "Ausdrücke enthalten"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objektklasse für Sudo-Regeln"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Sudo-Regelname"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Befehlsattribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Host-Attribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Benutzer-Attribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Optionsattribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "runasuser-Attribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "runasgroup-Attribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "notbefore-Attribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "notafter-Attribut der sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Reihenfolge-Attribut der Sudo-Regel"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objektklasse für Automounter-Zuweisungen"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Name-Attribut der Automounter-Zuweisung"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objektklasse für Einträge von Automounter-Zuweisungen"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Schlüssel-Attribut des Automounter-Zuweisungseintrags"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Wert-Attribut des Automounter-Zuweisungseintrags"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Basis-DN für Suchanfragen nach Automounter-Zuweisungen"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Durch Kommata getrennte Liste der erlaubten Benutzer"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Durch Kommata getrennte Liste der verbotenen Benutzer"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Vorgabeshell, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Wurzel für Benutzerverzeichnisse"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Name der zu verwendenden NSS-Bibliothek"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Gibt an, ob wenn möglich im Zwischenspeicher nach dem kanonischen "
- "Gruppennamen gesucht werden soll"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Zu verwendender PAM-Stapel"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/es.po b/po/es.po
-index d5dee5ecb..d3b5a5eff 100644
---- a/po/es.po
-+++ b/po/es.po
-@@ -18,7 +18,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2019-08-26 09:45+0000\n"
- "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
- "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
-@@ -794,7 +794,7 @@ msgid "Active Directory client hostname"
- msgstr "Nombre de host del cliente de Active Directory"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtro LDAP para determinar privilegios de acceso"
-
-@@ -884,215 +884,224 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr "Opción para afinar la tarea de renovación de la cuenta de la máquina"
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Dirección del servidor Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Dirección del servidor de respaldo Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Reinado Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Expiración de la autenticación"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Si se crean ficheros kdcinfo"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Dónde soltar los fragmentos de configuración de krb5"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directorio donde almacenar las credenciales cacheadas"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Ubicación del caché de credenciales del usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Ubicación de la tabla de claves para validar las credenciales"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Habilitar la validación de credenciales"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
- "una autenticación en línea"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "ciclo de vida renovable del TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "ciclo de vida del TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "tiempo entre dos comprobaciones para renovación "
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Habilita FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Selecciona el principal para su uso por FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Habilita canonicalización principal"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Permite los principios de la empresa"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- "Un mapeo desde los nombres de usuario a los nombres de principal de Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "El servidor en donde está ejecutándose el servicio de modificación de "
- "contraseña, en caso de no ser KDC. "
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, El URI del servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, La URI del servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "DN base predeterminado"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Modo usado para cambiar la contraseña de usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "El DN Bind predeterminado"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "El tipo del token de autenticación del DN bind predeterminado"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "El token de autenticación del DN bind predeterminado"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Tiempo durante el que se intentará la conexión"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Use solo el caso superior para nombres reales"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Archivo que contiene los certificados CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Ruta hacia un directorio certificado CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fichero que contiene el certificado de cliente"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fichero que contiene la llave de cliente"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista de posibles suites de cifrado"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Requiere la verificación de certificado TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Especificar el mecanismo sasl a usar"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Especifique el id de autorización sasl a usar"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Especifica el reinado de autorización sasl a ser utilizado"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Tabla de clave del servicio Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Usar auth Kerberos para la conexión LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Seguir referencias LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Período de vida del TGT para la conexión LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Como eliminar aliases"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nombre de servicio para busquedas de servicios DNS"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "La cantidad de miembros que deben faltar para desencadenar una deref completa"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1100,389 +1109,389 @@ msgstr ""
- "Si la Biblioteca LDAP debería realizar una búsqueda inversa para "
- "canonicalizar el nombre del host durante un enlace SASL"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "atributo entryUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "atributo lastUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "El período de tiempo máximo para retener una conexión con el servidor LDAP "
- "antes de desconectar"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Deshabilita el control de paginación LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Deshabilitar el rango de recuperación Active Directory"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "periodo de espera para solicitud de enumeración"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "periodo de tiempo entre borrados de la caché"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Requiere TLS para búsquedas de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "Usar el mapeado ID de objectSID en lugar de las IDs preajustadas"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "DN base para búsquedas de usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Ambito de las búsquedas del usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtro para las búsquedas del usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass para los usuarios"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atributo Username"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atributo UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Atributo GID primario"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atributo GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atributo Directorio de inicio"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atributo shell"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "Atributo UUID"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "Atributo objectSID"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Atributo primario del grupo Active Directory para el mapeado de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atributo principal del usuario (para Kerberos) "
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nombre completo"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atributo memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atributo hora de modificación"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "atributo shadowLastChange"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "atributo shadowMin "
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "atributo shadowMax"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "atributo shadowWarning "
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "atributo shadowInactive "
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "atributo shadowExpire"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "atributo shadowFlag "
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "listado de atributos de servicios PAM autorizados"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Atributo de listado de equipos de servidor autorizados"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Atributo listando los rhosts de los servidores autorizados"
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "atributo krbLastPwdChange "
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "atributo krbPasswordExpiration "
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "atributo indicando que las políticas de contraseña del lado del servidor "
- "están activas"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "atributo accountExpires de AD"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "atributo userAccountControl de AD"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "atributo nsAccountLock "
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "loginDisabled atributo de NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "loginExpirationTime atributo de NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "loginAllowedTimeMap atributo de NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Atributo de clave pública SSH"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- "atributo listando los tipos de autenticación permitidos para un usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "atributo conteniendo el certificado X509 del usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "atributo que contiene la dirección de correo electrónico del usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Una lista de los atributos extra a descargar junto con la entrada del usuario"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "DN base para busqueda de grupos"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "clase objeto para"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nombre del grupo"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Contraseña del grupo"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Atributo GID"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Atributo de miembro del grupo"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Atributo UUID de grupo"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Atributo de modificación de tiempo para los grupos"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Tipo del grupo y otras banderas"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "Atributo de miembro de grupo externo LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Máximo nivel de anidamiento que seguirá SSSD"
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "DN base para búsquedas de grupos de red"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Clases de objetos para grupos de red"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nombre de grupo de red"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Atributo de miembros de grupos de red"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Atributo triple de grupo de red"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Atributo de modificación de tiempo para grupos de red"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Base DN para servicio de búsquedas"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Clase de objeto para servicio"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Atributo de nombre de servicio"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Atributo de puerto de servicio"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Atributo de protocolo de servidor"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Límite más bajo para el mapeo de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Límite más alto para el mapeo de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Número de IDs por cada trozo cuando se mapean ID"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Usar el algoritmo compatible con autorid para el mapeo de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nombre del dominio por defecto para el mapeo de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID del dominio por defecto para el mapeo de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Número de trozos secundarios"
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Si usar Token-Groups"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Fijar el límite más bajo de IDs permitidas desde el servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- "Fijar el límite más alto para las IDs permitidas desde el servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN para consultas ppolicy"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "Máximas entradas a recuperar durante una solicitud de comodín"
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Política para evaluar el vencimiento de la contraseña"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Los atributos que deberán ser utilizados para evaluar si una cuenta ha "
- "expirado"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- "URI de un servidor LDAP donde se permite la modificación de contraseñas"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI de un servidor de respaldo LDAP donde están permitidos los cambios de "
- "contraseña"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- "Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1490,23 +1499,23 @@ msgstr ""
- "Si actualizar el atributo ldap_user_shadow_last_change después de un cambio "
- "de contraseña"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Base DN para búsquedas de reglas sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Período de refresco total automático"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Período de refresco inteligente automático"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Si filtrar la reglas por nombre de host, direcciones IP y red"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1514,133 +1523,133 @@ msgstr ""
- "Nombres de host y/o nombres de dominio totalmente cualificado de esta "
- "máquina para filtrar las reglas sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr "Direcciones o red IPv4 o IPv6 de esta máquina para filtrar reglas sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr "Si incluir reglas que contienen netgroup en el atributo de host"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Si incluir reglas que contengan expresiones regulares en el atributo de host"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objeto clase para reglas sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Nombre de regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Atributo de regla de comando sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Atributo de la regla host de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Atributo de la regla usuario de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Atributo de la regla opción de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Atributo runas de regla sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Atributo de la regla suda runasuser"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Atributo de regla runasgroup de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Atributo de regla notbefore de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Atributo de regla noafter de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Atributo de regla orden de sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objeto clase para mapas automontador"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Atributo de nombre de mapa de automontador"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objeto clase para entradas de mapa de automontador"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Atributo de clave de entrada para mapa de automontador"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Atributo de valor de entrada para mapa de automontador"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Base DN para búsquedas de mapa de automontador"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista separada por comas de usuarios autorizados"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista separada por comas de usuarios prohibidos"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell predeterminado, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base de los directorios de inicio"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Número de hijos proxy prefabricados"
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Nombre de la biblioteca NSS a usar"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Si buscar el nombre canónico del grupo desde el cache si es posible"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Pila PAM a usar"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Ruta de las fuentes del fichero passwd"
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Ruta de las fuentes del fichero group"
-
-@@ -2571,14 +2580,14 @@ msgid "Search by group ID"
- msgstr "Búsqueda por ID de grupo"
-
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Incapaz de analizar el nombre %s.\n"
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "El socket SSSD no existe."
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2597,13 +2606,10 @@ msgid "Error while reading configuration directory.\n"
- msgstr ""
-
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Fichero %1$s no existe. SSSD usará la configuración predeterminada con "
--"ficheros del suministrador.\n"
-
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
-@@ -2620,9 +2626,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Mensajes generados durante la configuración de la fusión: %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Configuración usada retazos de ficheros: %u\n"
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2721,9 +2727,8 @@ msgid "Online status: %s\n"
- msgstr "Estado en línea: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Mostrar información sobre el servidor activo"
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-diff --git a/po/eu.po b/po/eu.po
-index dce3b6ba4..a0d93d3cf 100644
---- a/po/eu.po
-+++ b/po/eu.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:45+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "FAST gaitzen du"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Izen osoa"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "ADren accountExpires atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "ADren userAccountControl atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Talde-izena"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Taldearen pasahitza"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID atributua"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell lehenetsia, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/fr.po b/po/fr.po
-index db16ecd39..c3756af43 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -9,13 +9,14 @@
- # Mariko Vincent <dweu60@gmail.com>, 2012
- # Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
- # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
- msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2016-02-24 03:43+0000\n"
--"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2020-01-14 01:48+0000\n"
-+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
- "fr/)\n"
- "Language: fr\n"
-@@ -45,7 +46,7 @@ msgstr "Écrire les messages de débogage dans les journaux"
-
- #: src/config/SSSDConfig/__init__.py.in:48
- msgid "Watchdog timeout before restarting service"
--msgstr ""
-+msgstr "Délai de surveillance avant le redémarrage du service"
-
- #: src/config/SSSDConfig/__init__.py.in:49
- msgid "Command to start service"
-@@ -67,11 +68,13 @@ msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
-
- #: src/config/SSSDConfig/__init__.py.in:53
- msgid "Idle time before automatic shutdown of the responder"
--msgstr ""
-+msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur"
-
- #: src/config/SSSDConfig/__init__.py.in:54
- msgid "Always query all the caches before querying the Data Providers"
- msgstr ""
-+"Interrogez toujours tous les caches avant d'interroger les fournisseurs de "
-+"données"
-
- #: src/config/SSSDConfig/__init__.py.in:57
- msgid "SSSD Services to start"
-@@ -113,7 +116,7 @@ msgstr "L'utilisation vers lequel abandonner les privilèges"
-
- #: src/config/SSSDConfig/__init__.py.in:65
- msgid "Tune certificate verification"
--msgstr ""
-+msgstr "Régler la vérification du certificat"
-
- #: src/config/SSSDConfig/__init__.py.in:66
- msgid "All spaces in group or user names will be replaced with this character"
-@@ -123,15 +126,15 @@ msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:67
- msgid "Tune sssd to honor or ignore netlink state changes"
--msgstr ""
-+msgstr "Régler sssd pour honorer ou ignorer les changements d'état du netlink"
-
- #: src/config/SSSDConfig/__init__.py.in:68
- msgid "Enable or disable the implicit files domain"
--msgstr ""
-+msgstr "Activer ou désactiver le domaine des fichiers implicites"
-
- #: src/config/SSSDConfig/__init__.py.in:69
- msgid "A specific order of the domains to be looked up"
--msgstr ""
-+msgstr "Un ordre spécifique des domaines à rechercher"
-
- #: src/config/SSSDConfig/__init__.py.in:72
- msgid "Enumeration cache timeout length (seconds)"
-@@ -150,7 +153,7 @@ msgstr "Délai d'attente du cache négatif (en secondes)"
-
- #: src/config/SSSDConfig/__init__.py.in:75
- msgid "Files negative cache timeout length (seconds)"
--msgstr ""
-+msgstr "Délai d'attente du cache négatif (en secondes)"
-
- #: src/config/SSSDConfig/__init__.py.in:76
- msgid "Users that SSSD should explicitly ignore"
-@@ -214,7 +217,7 @@ msgstr "Durée de maintien en cache des enregistrements valides"
-
- #: src/config/SSSDConfig/__init__.py.in:88
- msgid "List of user attributes the NSS responder is allowed to publish"
--msgstr ""
-+msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
-
- #: src/config/SSSDConfig/__init__.py.in:91
- msgid "How long to allow cached logins between online logins (days)"
-@@ -242,7 +245,7 @@ msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:95
- msgid "Filter PAM responses sent to the pam_sss"
--msgstr ""
-+msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss"
-
- #: src/config/SSSDConfig/__init__.py.in:96
- msgid "How many seconds to keep identity information cached for PAM requests"
-@@ -272,36 +275,40 @@ msgstr "Message affiché lorsque le compte a expiré"
-
- #: src/config/SSSDConfig/__init__.py.in:101
- msgid "Message printed when user account is locked."
--msgstr ""
-+msgstr "Message affiché lorsque le compte a expiré"
-
- #: src/config/SSSDConfig/__init__.py.in:102
- msgid "Allow certificate based/Smartcard authentication."
--msgstr ""
-+msgstr "Autoriser l'authentification par certificat/carte à puce."
-
- #: src/config/SSSDConfig/__init__.py.in:103
- msgid "Path to certificate database with PKCS#11 modules."
- msgstr ""
-+"Chemin d'accès à la base de données des certificats des modules PKCS#11."
-
- #: src/config/SSSDConfig/__init__.py.in:104
- msgid "How many seconds will pam_sss wait for p11_child to finish"
--msgstr ""
-+msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child"
-
- #: src/config/SSSDConfig/__init__.py.in:105
- msgid "Which PAM services are permitted to contact application domains"
- msgstr ""
-+"Quels services PAM sont autorisés à contacter les domaines d'application"
-
- #: src/config/SSSDConfig/__init__.py.in:106
- msgid "Allowed services for using smartcards"
--msgstr ""
-+msgstr "Services autorisés pour l'utilisation de cartes à puce"
-
- #: src/config/SSSDConfig/__init__.py.in:107
- msgid "Additional timeout to wait for a card if requested"
--msgstr ""
-+msgstr "Délai d'attente supplémentaire pour l'obtention d'une carte si demandé"
-
- #: src/config/SSSDConfig/__init__.py.in:108
- msgid ""
- "PKCS#11 URI to restrict the selection of devices for Smartcard authentication"
- msgstr ""
-+"URI PKCS#11 pour limiter la sélection des périphériques pour "
-+"l'authentification par carte à puce"
-
- #: src/config/SSSDConfig/__init__.py.in:111
- msgid "Whether to evaluate the time-based attributes in sudo rules"
-@@ -309,13 +316,15 @@ msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sud
-
- #: src/config/SSSDConfig/__init__.py.in:112
- msgid "If true, SSSD will switch back to lower-wins ordering logic"
--msgstr ""
-+msgstr "Si sur true, SSSD repasse en logique de commande à faible gain"
-
- #: src/config/SSSDConfig/__init__.py.in:113
- msgid ""
- "Maximum number of rules that can be refreshed at once. If this is exceeded, "
- "full refresh is performed."
- msgstr ""
-+"Nombre maximum de règles pouvant être rafraîchies en même temps. En cas de "
-+"dépassement, un rafraîchissement complet est effectué."
-
- #: src/config/SSSDConfig/__init__.py.in:119
- msgid "Whether to hash host names and addresses in the known_hosts file"
-@@ -332,17 +341,19 @@ msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:121
- msgid "Path to storage of trusted CA certificates"
--msgstr ""
-+msgstr "Chemin d'accès au stockage des certificats d'AC de confiance"
-
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "Permet de générer des ssh-keys à partir de certificats"
-
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"Utilisez les règles de correspondance suivantes pour filtrer les certificats "
-+"pour la génération de clés ssh"
-
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -351,7 +362,7 @@ msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:127
- msgid "How long the PAC data is considered valid"
--msgstr ""
-+msgstr "Durée de validité des données du PAC"
-
- #: src/config/SSSDConfig/__init__.py.in:130
- msgid "List of UIDs or user names allowed to access the InfoPipe responder"
-@@ -365,83 +376,94 @@ msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
-
- #: src/config/SSSDConfig/__init__.py.in:134
- msgid "The provider where the secrets will be stored in"
--msgstr ""
-+msgstr "Le fournisseur où les secrets seront stockés"
-
- #: src/config/SSSDConfig/__init__.py.in:135
- msgid "The maximum allowed number of nested containers"
--msgstr ""
-+msgstr "Le nombre maximal de conteneurs imbriqués autorisés"
-
- #: src/config/SSSDConfig/__init__.py.in:136
- msgid "The maximum number of secrets that can be stored"
--msgstr ""
-+msgstr "Le nombre maximum de secrets qui peuvent être stockés"
-
- #: src/config/SSSDConfig/__init__.py.in:137
- msgid "The maximum number of secrets that can be stored per UID"
--msgstr ""
-+msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID"
-
- #: src/config/SSSDConfig/__init__.py.in:138
- msgid "The maximum payload size of a secret in kilobytes"
--msgstr ""
-+msgstr "La taille maximale de la charge utile d'un secret en kilo-octets"
-
- #: src/config/SSSDConfig/__init__.py.in:140
- msgid "The URL Custodia server is listening on"
--msgstr ""
-+msgstr "L'URL du serveur Custodia est en écoute sur"
-
- #: src/config/SSSDConfig/__init__.py.in:141
- msgid "The method to use when authenticating to a Custodia server"
- msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia"
-
- #: src/config/SSSDConfig/__init__.py.in:142
- msgid ""
- "The name of the headers that will be added into a HTTP request with the "
- "value defined in auth_header_value"
- msgstr ""
-+"Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la valeur "
-+"définie dans auth_header_value"
-
- #: src/config/SSSDConfig/__init__.py.in:143
- msgid "The value sssd-secrets would use for auth_header_name"
--msgstr ""
-+msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name"
-
- #: src/config/SSSDConfig/__init__.py.in:144
- msgid ""
- "The list of the headers to forward to the Custodia server together with the "
- "request"
- msgstr ""
-+"La liste des en-têtes à transmettre au serveur Custodia avec la requête"
-
- #: src/config/SSSDConfig/__init__.py.in:145
- msgid ""
- "The username to use when authenticating to a Custodia server using basic_auth"
- msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia "
-+"utilisant basic_auth"
-
- #: src/config/SSSDConfig/__init__.py.in:146
- msgid ""
- "The password to use when authenticating to a Custodia server using basic_auth"
- msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia "
-+"utilisant basic_auth"
-
- #: src/config/SSSDConfig/__init__.py.in:147
- msgid "If true peer's certificate is verified if proxy_url uses https protocol"
- msgstr ""
-+"Le certificat pair true est vérifié si proxy_url utilise le protocole https"
-
- #: src/config/SSSDConfig/__init__.py.in:148
- msgid ""
- "If false peer's certificate may contain different hostname than proxy_url "
- "when https protocol is used"
- msgstr ""
-+"Le certificat pair false peut contenir un nom d'hôte différent de proxy_url "
-+"lorsque le protocole https est utilisé"
-
- #: src/config/SSSDConfig/__init__.py.in:149
- msgid "Path to directory where certificate authority certificates are stored"
--msgstr ""
-+msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA"
-
- #: src/config/SSSDConfig/__init__.py.in:150
- msgid "Path to file containing server's CA certificate"
--msgstr ""
-+msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur"
-
- #: src/config/SSSDConfig/__init__.py.in:151
- msgid "Path to file containing client's certificate"
--msgstr ""
-+msgstr "Chemin d'accès au fichier contenant le certificat du client"
-
- #: src/config/SSSDConfig/__init__.py.in:152
- msgid "Path to file containing client's private key"
--msgstr ""
-+msgstr "Chemin d'accès au fichier contenant la clé privée du client"
-
- #: src/config/SSSDConfig/__init__.py.in:155
- msgid "Identity provider"
-@@ -473,15 +495,15 @@ msgstr "Fournisseur d'identité de l'hôte"
-
- #: src/config/SSSDConfig/__init__.py.in:162
- msgid "SELinux provider"
--msgstr ""
-+msgstr "Fournisseur SELinux"
-
- #: src/config/SSSDConfig/__init__.py.in:163
- msgid "Session management provider"
--msgstr ""
-+msgstr "Fournisseur de gestion de session"
-
- #: src/config/SSSDConfig/__init__.py.in:166
- msgid "Whether the domain is usable by the OS or by applications"
--msgstr ""
-+msgstr "Si le domaine est utilisable par l'OS ou par des applications"
-
- #: src/config/SSSDConfig/__init__.py.in:167
- msgid "Minimum user ID"
-@@ -533,10 +555,14 @@ msgid ""
- "How long should SSSD talk to single DNS server before trying next server "
- "(miliseconds)"
- msgstr ""
-+"Combien de temps le SSSD doit-il parler à un seul serveur DNS avant "
-+"d'essayer le serveur suivant (en millisecondes)"
-
- #: src/config/SSSDConfig/__init__.py.in:177
- msgid "How long should keep trying to resolve single DNS query (seconds)"
- msgstr ""
-+"Combien de temps faut-il continuer à essayer de résoudre une seule requête "
-+"DNS (en secondes)"
-
- #: src/config/SSSDConfig/__init__.py.in:178
- msgid "How long to wait for replies from DNS when resolving servers (seconds)"
-@@ -598,7 +624,7 @@ msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:196
- msgid "Override the DNS server used to perform the DNS update"
--msgstr ""
-+msgstr "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS"
-
- #: src/config/SSSDConfig/__init__.py.in:197
- msgid "Control enumeration of trusted domains"
-@@ -614,15 +640,18 @@ msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
-
- #: src/config/SSSDConfig/__init__.py.in:200
- msgid "Default subdomain homedir value"
--msgstr ""
-+msgstr "Valeur par défaut du sous-domaine homedir"
-
- #: src/config/SSSDConfig/__init__.py.in:201
- msgid "How long can cached credentials be used for cached authentication"
- msgstr ""
-+"Combien de temps les informations d'identification en cache peuvent-elles "
-+"être utilisées pour l'authentification en cache"
-
- #: src/config/SSSDConfig/__init__.py.in:204
- msgid "Whether to automatically create private groups for users"
- msgstr ""
-+"S'il faut créer automatiquement des groupes privés pour les utilisateurs"
-
- #: src/config/SSSDConfig/__init__.py.in:207
- msgid "IPA domain"
-@@ -716,19 +745,23 @@ msgstr "Classe d'objet surchargeant les groupes"
-
- #: src/config/SSSDConfig/__init__.py.in:229
- msgid "Search base for Desktop Profile related objects"
--msgstr ""
-+msgstr "Base de recherche pour les objets liés au Profil du Bureau"
-
- #: src/config/SSSDConfig/__init__.py.in:230
- msgid ""
- "The amount of time in seconds between lookups of the Desktop Profile rules "
- "against the IPA server"
- msgstr ""
-+"Le temps, en secondes, entre les consultations des règles du profil du "
-+"bureau sur le serveur IPA"
-
- #: src/config/SSSDConfig/__init__.py.in:231
- msgid ""
- "The amount of time in minutes between lookups of Desktop Profiles rules "
- "against the IPA server when the last request did not find any rule"
- msgstr ""
-+"Le temps en minutes entre les consultations des règles de profile de bureau "
-+"sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle"
-
- #: src/config/SSSDConfig/__init__.py.in:234
- msgid "Active Directory domain"
-@@ -736,7 +769,7 @@ msgstr "Domaine Active Directory"
-
- #: src/config/SSSDConfig/__init__.py.in:235
- msgid "Enabled Active Directory domains"
--msgstr ""
-+msgstr "Domaine d’Active Directory activés"
-
- #: src/config/SSSDConfig/__init__.py.in:236
- msgid "Active Directory server address"
-@@ -751,7 +784,7 @@ msgid "Active Directory client hostname"
- msgstr "Nom de système du client Active Directory"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
-
-@@ -835,220 +868,232 @@ msgstr "un site particulier utilisé par le client"
- msgid ""
- "Maximum age in days before the machine account password should be renewed"
- msgstr ""
-+"Âge maximum en jours avant que le mot de passe du compte de la machine ne "
-+"soit renouvelé"
-
- #: src/config/SSSDConfig/__init__.py.in:254
- msgid "Option for tuning the machine account renewal task"
-+msgstr "Option de réglage de la tâche de renouvellement du compte machine"
-+
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adresse du serveur Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adresse du serveur Kerberos de secours"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Domaine Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Délai avant expiration de l'authentification"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Choisir de créer ou non les fichiers kdcinfo"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Où déposer les extraits de configuration krb5"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Répertoire pour stocker les caches de crédits"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Emplacement du cache de crédits de l'utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Emplacement du fichier keytab de validation des crédits"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Activer la validation des crédits"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
- "en ligne"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Durée de vie renouvelable du TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Durée de vie du TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Durée entre deux vérifications pour le renouvellement"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Active FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Sélectionne le principal à utiliser avec FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Active la canonisation du principal"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Active les principals d'entreprise"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-+"Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Serveur où tourne le service de changement de mot de passe s'il n'est pas "
- "sur le KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, l'adresse du serveur LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, l'URI du serveur LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "La base DN par défaut"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
--msgstr ""
-+msgstr "Mode utilisé pour modifier le mot de passe utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Le DN de connexion par défaut"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Le jeton d'authentification du DN de connexion par défaut"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "N'utiliser que des majuscules pour les noms de domaine"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Fichier contenant les certificats des CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Chemin vers le répertoire de certificats des CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fichier contenant le certificat client"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fichier contenant la clé du client"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Liste des suites de chiffrement possibles"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Requiert une vérification de certificat TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Spécifier le mécanisme SASL à utiliser"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Service du fichier keytab de Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Suivre les référents LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Durée de vie du TGT pour la connexion LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Comment déréférencer les alias"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nom du service pour les recherches DNS"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Nombre de membres qui doivent être manquants pour activer un déréférencement "
- "complet"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1056,389 +1101,389 @@ msgstr ""
- "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
- "nom d'hôte pendant une connexion SASL ?"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "attribut entryUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "attribut lastUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Combien de temps conserver la connexion au serveur LDAP avant de se "
- "déconnecter"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Désactiver le contrôle des pages LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Désactiver la récupération de plage Active Directory."
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Durée d'attente pour une requête de recherche"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Durée d'attente pour une requête d'énumération"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Durée entre deux mises à jour d'énumération"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Durée entre les nettoyages de cache"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "TLS est requis pour les recherches d'identifiants"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
- "établis"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN pour les recherches d'utilisateurs"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Scope des recherches d'utilisateurs"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtre pour les recherches d'utilisateurs"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Classe d'objet pour les utilisateurs"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Attribut de nom d'utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Attribut UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Attribut de GID primaire"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Attribut GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Attribut de répertoire utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Attribut d'interpréteur de commandes"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "attribut UUID"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "attribut objectSID"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Attribut d'utilisateur principal (pour Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nom complet"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Attribut memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Attribut de date de modification"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "Attribut shadowLastChange"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "Attribut shadowMin"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "Attribut shadowMax"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "Attribut shadowWarning"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "Attribut shadowInactive"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "Attribut shadowExpire"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "Attribut shadowFlag"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribut listant les services PAM autorisés"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
--msgstr "Attribut listant les systèmes serveurs autorisés"
-+msgstr "Attribut listant les hôtes de serveurs autorisés"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
--msgstr ""
-+msgstr "Attribut listant les rhosts de serveurs autorisés"
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "Attribut krbLastPwdChange"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "Attribut krbPasswordExpiration"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "Attribut indiquant que la stratégie de mot de passe du serveur est active"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "Attribut AD accountExpires"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "Attribut AD userAccountControl"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "Attribut nsAccountLock"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "Attribut NDS loginDisabled"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "Attribut NDS loginExpirationTime"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "Attribut NDS loginAllowedTimeMap"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Attribut de clé public SSH"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- "attribut énumérant les types d'authentification autorisés pour un utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "attribut contenant le certificat X509 de l'utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
--msgstr ""
-+msgstr "attribut contenant l’adresse email de l'utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Une liste des attributs supplémentaires à télécharger avec l'entrée de "
- "l'utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "DN de base pour les recherches de groupes"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Classe d'objet pour les groupes"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nom du groupe"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Mot de passe du groupe"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Attribut GID"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Attribut membre du groupe"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "attribut de l'UUID du groupe"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Attribut de date de modification pour les groupes"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Type de groupe et autres indicateurs"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
--msgstr ""
-+msgstr "L'attribut de membre externe du groupe LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
--msgstr ""
-+msgstr "Le niveau d'imbrication maximal du SSSD suivra"
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "DN de base pour les recherches de netgroup"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Classe d'objet pour les groupes réseau"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nom du groupe réseau"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Attribut des membres des groupes réseau"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Attribut triplet du groupe réseau"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Attribut date de modification pour les groupes réseau"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Nom de domaine (DN) de base pour les recherches de service"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Classe objet pour les services"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Attribut de nom de service"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Attribut de port du service"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Attribut de service du protocole"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Limite inférieure pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Limite supérieure pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nom du domaine par défaut pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID du domaine par défaut pour la correspondance d'ID"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
--msgstr ""
-+msgstr "Nombre de tranches secondaires"
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Choisir d'utiliser ou non les groupes de jetons"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN pour les requêtes sur ppolicy"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
--msgstr ""
-+msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard"
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI d'un serveur LDAP de secours où sont autorisées les modifications de mot "
- "de passe"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1446,23 +1491,23 @@ msgstr ""
- "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
- "changement de mot de passe"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Périodicité de rafraichissement total"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Périodicité de rafraichissement intelligent"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1470,139 +1515,140 @@ msgstr ""
- "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
- "filtrer les règles sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
- "sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Inclure ou non les règles qui contiennent une expression rationnelle dans "
- "l'attribut host"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Classe objet pour les règles sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-+"Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Règle de nom sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Attribut de commande de règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Attribut hôte de la règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Attribut utilisateur de la règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Attribut option de la règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Attribut de règle sudo runas"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Attribut runasuser de la règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Attribut runasgroup de la règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Attribut notbefore de la règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Attribut notafter de règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Attribut d'ordre de règle sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Classe objet pour la carte de montage automatique"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Nom de l'attribut de carte de montage automatique"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Classe objet pour l'entrée de référence de montage automatique"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Attribut de valeur pour la carte de montage automatique"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Base DN pour les requêtes de carte de montage automatique"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Interpréteur de commande par défaut : /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base pour les répertoires utilisateur"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
--msgstr ""
-+msgstr "Le nombre d'enfants proxy pré-fourche."
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Nom de la bibliothèque NSS à utiliser"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Pile PAM à utiliser"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
--msgstr ""
-+msgstr "Chemin des sources des fichiers passwd."
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
--msgstr ""
-+msgstr "Chemin des sources des fichiers de groupe."
-
- #: src/monitor/monitor.c:2355
- msgid "Become a daemon (default)"
-@@ -1614,7 +1660,7 @@ msgstr "Fonctionner en interactif (non démon)"
-
- #: src/monitor/monitor.c:2360
- msgid "Disable netlink interface"
--msgstr ""
-+msgstr "Désactiver l'interface netlink"
-
- #: src/monitor/monitor.c:2362 src/tools/sssctl/sssctl_logs.c:311
- msgid "Specify a non-default config file"
-@@ -1622,11 +1668,11 @@ msgstr "Définir un fichier de configuration différent de celui par défaut"
-
- #: src/monitor/monitor.c:2364
- msgid "Refresh the configuration database, then exit"
--msgstr ""
-+msgstr "Rafraîchissez la base de données de configuration, puis quittez"
-
- #: src/monitor/monitor.c:2367
- msgid "Similar to --genconf, but only refreshes the given section"
--msgstr ""
-+msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée"
-
- #: src/monitor/monitor.c:2370
- msgid "Print version number and exit"
-@@ -1634,7 +1680,7 @@ msgstr "Afficher le numéro de version et quitte"
-
- #: src/monitor/monitor.c:2514
- msgid "SSSD is already running\n"
--msgstr ""
-+msgstr "SSSD est déjà en cours d'exécution\n"
-
- #: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:624
- msgid "Debug level"
-@@ -1666,31 +1712,31 @@ msgstr "Le groupe à utiliser pour la création du ccache FAST"
-
- #: src/providers/krb5/krb5_child.c:3249
- msgid "Kerberos realm to use"
--msgstr ""
-+msgstr "Domaine Kerberos à utiliser"
-
- #: src/providers/krb5/krb5_child.c:3251
- msgid "Requested lifetime of the ticket"
--msgstr ""
-+msgstr "Demande de renouvellement à vie du billet"
-
- #: src/providers/krb5/krb5_child.c:3253
- msgid "Requested renewable lifetime of the ticket"
--msgstr ""
-+msgstr "Demande de renouvellement à vie du billet"
-
- #: src/providers/krb5/krb5_child.c:3255
- msgid "FAST options ('never', 'try', 'demand')"
--msgstr ""
-+msgstr "Options FAST ('never', 'try', 'demand')"
-
- #: src/providers/krb5/krb5_child.c:3258
- msgid "Specifies the server principal to use for FAST"
--msgstr ""
-+msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
-
- #: src/providers/krb5/krb5_child.c:3260
- msgid "Requests canonicalization of the principal name"
--msgstr ""
-+msgstr "Demande la canonisation du nom principal"
-
- #: src/providers/krb5/krb5_child.c:3262
- msgid "Use custom version of krb5_get_init_creds_password"
--msgstr ""
-+msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
-
- #: src/providers/data_provider_be.c:711
- msgid "Domain of the information provider (mandatory)"
-@@ -1716,11 +1762,11 @@ msgstr "SSSD n'est pas démarré par root."
-
- #: src/sss_client/common.c:1091
- msgid "SSSD socket does not exist."
--msgstr ""
-+msgstr "La socket SSSD n'existe pas."
-
- #: src/sss_client/common.c:1094
- msgid "Cannot get stat of SSSD socket."
--msgstr ""
-+msgstr "Impossible d'obtenir le stat du socket SSSD."
-
- #: src/sss_client/common.c:1099
- msgid "An error occurred, but no description can be found."
-@@ -1802,7 +1848,7 @@ msgstr "Premier facteur :"
-
- #: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
- msgid "Second Factor (optional): "
--msgstr ""
-+msgstr "Deuxième facteur (facultatif) : "
-
- #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
- msgid "Second Factor: "
-@@ -1814,7 +1860,7 @@ msgstr "Mot de passe : "
-
- #: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
- msgid "First Factor (Current Password): "
--msgstr ""
-+msgstr "Premier facteur (mot de passe actuel) : "
-
- #: src/sss_client/pam_sss.c:2349
- msgid "Current Password: "
-@@ -1864,7 +1910,7 @@ msgstr "Le port à utiliser pour se connecter à l'hôte"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
- msgid "Print the host ssh public keys"
--msgstr ""
-+msgstr "Imprimer les clés publiques ssh de l'hôte"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
- msgid "Invalid port\n"
-@@ -1881,7 +1927,7 @@ msgstr "Le chemin vers la commande de proxy doit être absolue\n"
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
- #, c-format
- msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
--msgstr ""
-+msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n"
-
- #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
- msgid "The UID of the user"
-@@ -2342,7 +2388,7 @@ msgstr "Impossible d'invalider %1$s %2$s\n"
-
- #: src/tools/sss_cache.c:721
- msgid "Invalidate all cached entries"
--msgstr ""
-+msgstr "Invalidez toutes les entrées en cache"
-
- #: src/tools/sss_cache.c:723
- msgid "Invalidate particular user"
-@@ -2394,11 +2440,11 @@ msgstr "Invalider tous les hôtes SSH"
-
- #: src/tools/sss_cache.c:752
- msgid "Invalidate particular sudo rule"
--msgstr ""
-+msgstr "Invalider une règle sudo particulière"
-
- #: src/tools/sss_cache.c:754
- msgid "Invalidate all cached sudo rules"
--msgstr ""
-+msgstr "Invalider toutes les règles sudo en cache"
-
- #: src/tools/sss_cache.c:757
- msgid "Only invalidate entries from a particular domain"
-@@ -2409,6 +2455,8 @@ msgid ""
- "Unexpected argument(s) provided, options that invalidate a single object "
- "only accept a single provided argument.\n"
- msgstr ""
-+"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet "
-+"n'acceptent qu'un seul argument fourni.\n"
-
- #: src/tools/sss_cache.c:821
- msgid "Please select at least one object to invalidate\n"
-@@ -2445,298 +2493,307 @@ msgstr "%1$s doit être lancé en tant que root\n"
-
- #: src/tools/sssctl/sssctl.c:35
- msgid "yes"
--msgstr ""
-+msgstr "oui"
-
- #: src/tools/sssctl/sssctl.c:37
- msgid "no"
--msgstr ""
-+msgstr "non"
-
- #: src/tools/sssctl/sssctl.c:39
- msgid "error"
--msgstr ""
-+msgstr "erreur"
-
- #: src/tools/sssctl/sssctl.c:42
- msgid "Invalid result."
--msgstr ""
-+msgstr "Résultat non valide."
-
- #: src/tools/sssctl/sssctl.c:78
- msgid "Unable to read user input\n"
--msgstr ""
-+msgstr "Impossible de lire l'entrée de l'utilisateur\n"
-
- #: src/tools/sssctl/sssctl.c:91
- #, c-format
- msgid "Invalid input, please provide either '%s' or '%s'.\n"
--msgstr ""
-+msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
-
- #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
- msgid "Error while executing external command\n"
--msgstr ""
-+msgstr "Erreur lors de l'exécution d'une commande externe\n"
-
- #: src/tools/sssctl/sssctl.c:156
- msgid "SSSD needs to be running. Start SSSD now?"
--msgstr ""
-+msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?"
-
- #: src/tools/sssctl/sssctl.c:195
- msgid "SSSD must not be running. Stop SSSD now?"
- msgstr ""
-+"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?"
-
- #: src/tools/sssctl/sssctl.c:231
- msgid "SSSD needs to be restarted. Restart SSSD now?"
--msgstr ""
-+msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?"
-
- #: src/tools/sssctl/sssctl_cache.c:31
- #, c-format
- msgid " %s is not present in cache.\n"
--msgstr ""
-+msgstr " %s n'est pas présent dans le cache.\n"
-
- #: src/tools/sssctl/sssctl_cache.c:33
- msgid "Name"
--msgstr ""
-+msgstr "Nom"
-
- #: src/tools/sssctl/sssctl_cache.c:34
- msgid "Cache entry creation date"
--msgstr ""
-+msgstr "Date de création de l'entrée en cache"
-
- #: src/tools/sssctl/sssctl_cache.c:35
- msgid "Cache entry last update time"
--msgstr ""
-+msgstr "Heure de la dernière mise à jour de l'entrée du cache"
-
- #: src/tools/sssctl/sssctl_cache.c:36
- msgid "Cache entry expiration time"
--msgstr ""
-+msgstr "Temps d'expiration de l'entrée du cache"
-
- #: src/tools/sssctl/sssctl_cache.c:37
- msgid "Cached in InfoPipe"
--msgstr ""
-+msgstr "Mise en cache dans InfoPipe"
-
- #: src/tools/sssctl/sssctl_cache.c:522
- #, c-format
- msgid "Error: Unable to get object [%d]: %s\n"
--msgstr ""
-+msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n"
-
- #: src/tools/sssctl/sssctl_cache.c:538
- #, c-format
- msgid "%s: Unable to read value [%d]: %s\n"
--msgstr ""
-+msgstr "%s: Impossible de lire la valeur [%d] : %s\n"
-
- #: src/tools/sssctl/sssctl_cache.c:566
- msgid "Specify name."
--msgstr ""
-+msgstr "Indiquez le nom."
-
- #: src/tools/sssctl/sssctl_cache.c:576
- #, c-format
- msgid "Unable to parse name %s.\n"
--msgstr ""
-+msgstr "Impossible d'analyser le nom %s.\n"
-
- #: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
- msgid "Search by SID"
--msgstr ""
-+msgstr "Recherche par SID"
-
- #: src/tools/sssctl/sssctl_cache.c:603
- msgid "Search by user ID"
--msgstr ""
-+msgstr "Recherche par ID utilisateur"
-
- #: src/tools/sssctl/sssctl_cache.c:612
- msgid "Initgroups expiration time"
--msgstr ""
-+msgstr "Délai d'expiration des initgroups"
-
- #: src/tools/sssctl/sssctl_cache.c:650
- msgid "Search by group ID"
--msgstr ""
-+msgstr "Recherche par ID de groupe"
-
- #: src/tools/sssctl/sssctl_config.c:70
- #, c-format
- msgid "Failed to open %s\n"
--msgstr ""
-+msgstr "N’a pas pu ouvrir %s\n"
-
- #: src/tools/sssctl/sssctl_config.c:75
- #, c-format
- msgid "File %1$s does not exist.\n"
--msgstr ""
-+msgstr "Le fichier %1$s n’existe pas.\n"
-
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
- "File ownership and permissions check failed. Expected root:root and 0600.\n"
- msgstr ""
-+"La vérification de la propriété et des permissions des fichiers a échoué. "
-+"Attendue : root:root et 0600.\n"
-
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "Echec du chargement de la configuration à partir de %s.\n"
-
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "Erreur lors de la lecture du répertoire de configuration.\n"
-
- #: src/tools/sssctl/sssctl_config.c:99
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
-+"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut "
-+"avec le fournisseur de fichiers.\n"
-
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "Échec de l'exécution des validateurs"
-
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
- msgid "Issues identified by validators: %zu\n"
--msgstr ""
-+msgstr "Problèmes identifiés par les validateurs : %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:126
- #, c-format
- msgid "Messages generated during configuration merging: %zu\n"
--msgstr ""
-+msgstr "Messages générés lors de la fusion des configurations : %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:137
- #, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr ""
-+msgstr "Fichiers de configuration utilisés : %zu\n"
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
- msgid "Unable to create backup directory [%d]: %s"
--msgstr ""
-+msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
-
- #: src/tools/sssctl/sssctl_data.c:95
- msgid "SSSD backup of local data already exists, override?"
--msgstr ""
-+msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?"
-
- #: src/tools/sssctl/sssctl_data.c:111
- msgid "Unable to export user overrides\n"
--msgstr ""
-+msgstr "Impossible d'exporter les substitutions d'utilisateur\n"
-
- #: src/tools/sssctl/sssctl_data.c:118
- msgid "Unable to export group overrides\n"
--msgstr ""
-+msgstr "Impossible d'exporter les substitutions de groupes\n"
-
- #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
- msgid "Override existing backup"
--msgstr ""
-+msgstr "Remplacer la sauvegarde existante"
-
- #: src/tools/sssctl/sssctl_data.c:164
- msgid "Unable to import user overrides\n"
--msgstr ""
-+msgstr "Impossible d'importer les substitutions d'utilisateur\n"
-
- #: src/tools/sssctl/sssctl_data.c:173
- msgid "Unable to import group overrides\n"
--msgstr ""
-+msgstr "Impossible d'importer les substitutions de groupes\n"
-
- #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
- #: src/tools/sssctl/sssctl_domains.c:328
- msgid "Start SSSD if it is not running"
--msgstr ""
-+msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution"
-
- #: src/tools/sssctl/sssctl_data.c:195
- msgid "Restart SSSD after data import"
--msgstr ""
-+msgstr "Redémarrer SSSD après l'importation des données"
-
- #: src/tools/sssctl/sssctl_data.c:218
- msgid "Create clean cache files and import local data"
--msgstr ""
-+msgstr "Créer des fichiers de cache propres et importer des données locales"
-
- #: src/tools/sssctl/sssctl_data.c:219
- msgid "Stop SSSD before removing the cache"
--msgstr ""
-+msgstr "Arrêtez SSSD avant de supprimer le cache"
-
- #: src/tools/sssctl/sssctl_data.c:220
- msgid "Start SSSD when the cache is removed"
--msgstr ""
-+msgstr "Démarrer SSSD lorsque le cache est supprimé"
-
- #: src/tools/sssctl/sssctl_data.c:235
- msgid "Creating backup of local data...\n"
--msgstr ""
-+msgstr "Création d'une sauvegarde des données locales...\n"
-
- #: src/tools/sssctl/sssctl_data.c:238
- msgid "Unable to create backup of local data, can not remove the cache.\n"
- msgstr ""
-+"Impossible de créer une sauvegarde des données locales, impossible de "
-+"supprimer le cache.\n"
-
- #: src/tools/sssctl/sssctl_data.c:243
- msgid "Removing cache files...\n"
--msgstr ""
-+msgstr "Suppression des fichiers de cache...\n"
-
- #: src/tools/sssctl/sssctl_data.c:246
- msgid "Unable to remove cache files\n"
--msgstr ""
-+msgstr "Impossible de supprimer les fichiers de cache\n"
-
- #: src/tools/sssctl/sssctl_data.c:251
- msgid "Restoring local data...\n"
--msgstr ""
-+msgstr "Restauration des données locales...\n"
-
- #: src/tools/sssctl/sssctl_domains.c:83
- msgid "Show domain list including primary or trusted domain type"
- msgstr ""
-+"Afficher la liste des domaines, y compris le type de domaine principal ou de "
-+"confiance"
-
- #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
- #: src/tools/sssctl/sssctl_user_checks.c:95
- msgid "Unable to connect to system bus!\n"
--msgstr ""
-+msgstr "Impossible de se connecter au bus système !\n"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Online"
--msgstr ""
-+msgstr "En ligne"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Offline"
--msgstr ""
-+msgstr "Hors ligne"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- #, c-format
- msgid "Online status: %s\n"
--msgstr ""
-+msgstr "Statut en ligne : %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
- msgid "This domain has no active servers.\n"
--msgstr ""
-+msgstr "Ce domaine n'a pas de serveurs actifs.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
--msgstr ""
-+msgstr "Serveurs actifs :\n"
-
- #: src/tools/sssctl/sssctl_domains.c:230
- msgid "not connected"
--msgstr ""
-+msgstr "non connecté"
-
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "Aucun serveur découvert.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
- msgid "Discovered %s servers:\n"
--msgstr ""
-+msgstr "%s serveurs découverts :\n"
-
- #: src/tools/sssctl/sssctl_domains.c:285
- msgid "None so far.\n"
--msgstr ""
-+msgstr "Aucun pour l'instant.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:325
- msgid "Show online status"
--msgstr ""
-+msgstr "Afficher le statut en ligne"
-
- #: src/tools/sssctl/sssctl_domains.c:326
- msgid "Show information about active server"
--msgstr ""
-+msgstr "Afficher les informations sur le serveur actif"
-
- #: src/tools/sssctl/sssctl_domains.c:327
- msgid "Show list of discovered servers"
--msgstr ""
-+msgstr "Afficher la liste des serveurs découverts"
-
- #: src/tools/sssctl/sssctl_domains.c:333
- msgid "Specify domain name."
--msgstr ""
-+msgstr "Indiquer le nom de domaine."
-
- #: src/tools/sssctl/sssctl_domains.c:355
- msgid "Out of memory!\n"
--msgstr ""
-+msgstr "Plus de mémoire disponible !\n"
-
- #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
- msgid "Unable to get online status\n"
--msgstr ""
-+msgstr "Impossible d'obtenir le statut en ligne\n"
-
- #: src/tools/sssctl/sssctl_domains.c:395
- msgid "Unable to get server list\n"
--msgstr ""
-+msgstr "Impossible d'obtenir la liste des serveurs\n"
-
- #: src/tools/sssctl/sssctl_logs.c:47
- msgid "\n"
-@@ -2744,92 +2801,92 @@ msgstr "\n"
-
- #: src/tools/sssctl/sssctl_logs.c:237
- msgid "Delete log files instead of truncating"
--msgstr ""
-+msgstr "Supprimer les fichiers de log au lieu de tronquer"
-
- #: src/tools/sssctl/sssctl_logs.c:248
- msgid "Deleting log files...\n"
--msgstr ""
-+msgstr "Suppression des fichiers journaux...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:251
- msgid "Unable to remove log files\n"
--msgstr ""
-+msgstr "Impossible de supprimer les fichiers journaux\n"
-
- #: src/tools/sssctl/sssctl_logs.c:257
- msgid "Truncating log files...\n"
--msgstr ""
-+msgstr "Troncature des fichiers de journalisation...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:260
- msgid "Unable to truncate log files\n"
--msgstr ""
-+msgstr "Impossible de tronquer les fichiers de journalisation\n"
-
- #: src/tools/sssctl/sssctl_logs.c:286
- msgid "Out of memory!"
--msgstr ""
-+msgstr "Plus de mémoire disponible !"
-
- #: src/tools/sssctl/sssctl_logs.c:289
- #, c-format
- msgid "Archiving log files into %s...\n"
--msgstr ""
-+msgstr "Archivage des fichiers journaux dans %s...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:292
- msgid "Unable to archive log files\n"
--msgstr ""
-+msgstr "Impossible d'archiver les fichiers journaux\n"
-
- #: src/tools/sssctl/sssctl_logs.c:317
- msgid "Specify debug level you want to set"
--msgstr ""
-+msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
--msgstr ""
-+msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:167
- #, c-format
- msgid "dlopen failed with [%s].\n"
--msgstr ""
-+msgstr "dlopen a échoué avec [%s].\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:174
- #, c-format
- msgid "dlsym failed with [%s].\n"
--msgstr ""
-+msgstr "dlopen a échoué avec [%s].\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:182
- msgid "malloc failed.\n"
--msgstr ""
-+msgstr "malloc a échoué.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:189
- #, c-format
- msgid "sss_getpwnam_r failed with [%d].\n"
--msgstr ""
-+msgstr "sss_getpwnam_r a échoué avec [%d].\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:194
- msgid "SSSD nss user lookup result:\n"
--msgstr ""
-+msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:195
- #, c-format
- msgid " - user name: %s\n"
--msgstr ""
-+msgstr " - user name: %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:196
- #, c-format
- msgid " - user id: %d\n"
--msgstr ""
-+msgstr " - user id: %d\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:197
- #, c-format
- msgid " - group id: %d\n"
--msgstr ""
-+msgstr " - group id: %d\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:198
- #, c-format
- msgid " - gecos: %s\n"
--msgstr ""
-+msgstr " - gecos: %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:199
- #, c-format
- msgid " - home directory: %s\n"
--msgstr ""
-+msgstr " - home directory: %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:200
- #, c-format
-@@ -2837,18 +2894,20 @@ msgid ""
- " - shell: %s\n"
- "\n"
- msgstr ""
-+" - shell: %s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:232
- msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
--msgstr ""
-+msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : "
-
- #: src/tools/sssctl/sssctl_user_checks.c:235
- msgid "PAM service, default: "
--msgstr ""
-+msgstr "Service PAM, par défaut : "
-
- #: src/tools/sssctl/sssctl_user_checks.c:240
- msgid "Specify user name."
--msgstr ""
-+msgstr "Spécifiez le nom d'utilisateur."
-
- #: src/tools/sssctl/sssctl_user_checks.c:247
- #, c-format
-@@ -2858,45 +2917,53 @@ msgid ""
- "service: %s\n"
- "\n"
- msgstr ""
-+"utilisateur: %s\n"
-+"action: %s\n"
-+"service: %s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:252
- #, c-format
- msgid "User name lookup with [%s] failed.\n"
--msgstr ""
-+msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:257
- #, c-format
- msgid "InfoPipe User lookup with [%s] failed.\n"
--msgstr ""
-+msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:263
- #, c-format
- msgid "pam_start failed: %s\n"
--msgstr ""
-+msgstr "pam_start a échoué : %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:268
- msgid ""
- "testing pam_authenticate\n"
- "\n"
- msgstr ""
-+"test de pam_authenticate\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:272
- #, c-format
- msgid "pam_get_item failed: %s\n"
--msgstr ""
-+msgstr "pam_get_item a échoué : %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:275
- #, c-format
- msgid ""
- "pam_authenticate for user [%s]: %s\n"
- "\n"
--msgstr ""
-+msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:278
- msgid ""
- "testing pam_chauthtok\n"
- "\n"
- msgstr ""
-+"test pam_chauthtok\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:280
- #, c-format
-@@ -2904,12 +2971,16 @@ msgid ""
- "pam_chauthtok: %s\n"
- "\n"
- msgstr ""
-+"pam_chauthtok: %s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:282
- msgid ""
- "testing pam_acct_mgmt\n"
- "\n"
- msgstr ""
-+"test de pam_acct_mgmt\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:284
- #, c-format
-@@ -2917,12 +2988,16 @@ msgid ""
- "pam_acct_mgmt: %s\n"
- "\n"
- msgstr ""
-+"pam_acct_mgmt: %s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:286
- msgid ""
- "testing pam_setcred\n"
- "\n"
- msgstr ""
-+"test de pam_setcred\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:288
- #, c-format
-@@ -2930,12 +3005,16 @@ msgid ""
- "pam_setcred: [%s]\n"
- "\n"
- msgstr ""
-+"pam_setcred: [%s]\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:290
- msgid ""
- "testing pam_open_session\n"
- "\n"
- msgstr ""
-+"test pam_open_session\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:292
- #, c-format
-@@ -2943,12 +3022,16 @@ msgid ""
- "pam_open_session: %s\n"
- "\n"
- msgstr ""
-+"pam_open_session: %s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:294
- msgid ""
- "testing pam_close_session\n"
- "\n"
- msgstr ""
-+"test pam_close_session\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:296
- #, c-format
-@@ -2956,18 +3039,20 @@ msgid ""
- "pam_close_session: %s\n"
- "\n"
- msgstr ""
-+"pam_close_session: %s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:298
- msgid "unknown action\n"
--msgstr ""
-+msgstr "action inconnue\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:301
- msgid "PAM Environment:\n"
--msgstr ""
-+msgstr "Environnement PAM :\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:309
- msgid " - no env -\n"
--msgstr ""
-+msgstr " - no env -\n"
-
- #: src/util/util.h:82
- msgid "The user ID to run the server as"
-@@ -2979,8 +3064,8 @@ msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
-
- #: src/util/util.h:92
- msgid "Informs that the responder has been socket-activated"
--msgstr ""
-+msgstr "Informe que le répondeur a été activé par un socket"
-
- #: src/util/util.h:94
- msgid "Informs that the responder has been dbus-activated"
--msgstr ""
-+msgstr "Informe que le répondeur a été activé par un dbus"
-diff --git a/po/hu.po b/po/hu.po
-index d49e39451..820671425 100644
---- a/po/hu.po
-+++ b/po/hu.po
-@@ -10,7 +10,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:45+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -697,7 +697,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -768,737 +768,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos-kiszolgáló címe"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-tartomány"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Időtúllépés azonosításkor"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, az LDAP szerver URI-ja"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Alapértelmezett LDAP alap-DN-je"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Az LDAP szerveren használt séma-típus, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Az alapértelmezett bind DN"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "A kapcsolódási próbálkozás időtartama"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "A CA tanusítványokat tartalmazó fájl"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "TLS tanusítvány ellenőrzése"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "TLS megkövetelése ID keresésekor"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS attribútum"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Shell attribútum"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Teljes név"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf attribútum"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Csoport neve"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Csoport jelszava"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Alapértelmezett shell, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/id.po b/po/id.po
-index 3ffde26aa..cce27c3b3 100644
---- a/po/id.po
-+++ b/po/id.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:46+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -694,7 +694,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -765,737 +765,746 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Alamat server Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Realm Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI server LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Lamanya waktu untuk mencoba koneksi"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Membutuhkan verifikasi sertifikat TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Tentukan mekanisme sasl yang digunakan"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Tentukan id otorisasi sasl yang digunakan"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Tentukan id otorisasi sasl yang digunakan"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Keytab layanan Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Lingkup pencarian pengguna"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter pencarian pengguna"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass untuk pengguna"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atribut Nama pengguna"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atribut UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Atribut GID Primer"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atribut GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atribut direktori Home"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atribut Shell"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atribut utama pengguna (untuk Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nama Lengkap"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atribut memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atribut waktu modifikasi"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell default, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/it.po b/po/it.po
-index d01ff1b41..6de4012ac 100644
---- a/po/it.po
-+++ b/po/it.po
-@@ -9,7 +9,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2019-03-06 08:57+0000\n"
- "Last-Translator: Milo Casagrande <milo@milo.name>\n"
- "Language-Team: Italian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -709,7 +709,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtro LDAP per determinare i privilegi di accesso"
-
-@@ -780,738 +780,747 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Indirizzo del server Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Realm Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Timeout di autenticazione"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directory in cui salvare le credenziali"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Percorso della cache delle credenziali utente"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Percorso del keytab per la validazione delle credenziali"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Abilita la validazione delle credenziali"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Intervallo di tempo tra due controlli di rinnovo"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Abilita FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Server dove viene eseguito il servizio di cambio password, se non nel KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, l'indirizzo del server LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Il base DN predefinito"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Il bind DN predefinito"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Il tipo di token di autenticazione del bind DN predefinito"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Il token di autenticazione del bind DN predefinito"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Durata del tentativo di connessione"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Durata tra tentativi di riconnessione quando offline"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Usare solo maiuscole per i nomi dei realm"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "File contenente i certificati CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Percorso della directory dei cerficati della CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "File contenente il certificato client"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "File contenente la chiave client"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista delle possibili cipher suite"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Richiedere la verifica del certificato TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Specificare il meccanismo sasl da usare"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Specificare l'id di autorizzazione sasl da usare"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Specificare l'id di autorizzazione sasl da usare"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Keytab del servizio Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Seguire i referral LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Metodo di deferenziazione degli alias"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Durata attesa per le richieste di ricerca"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Durata tra gli aggiornamenti alle enumeration"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Intervallo di tempo per la pulizia cache"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Richiedere TLS per gli ID lookup"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN per i lookup utente"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Ambito di applicazione dei lookup utente"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtro per i lookup utente"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass per gli utenti"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Attributo del nome utente"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Attributo UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Attributo del GID primario"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Attributo GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Attributo della home directory"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Attributo della shell"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Attributo user principal (per Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nome completo"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Attributo memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Attributo data di modifica"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Politica per controllare la scadenza della password"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista separata da virgola degli utenti abilitati"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista separata da virgola degli utenti non abilitati"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell predefinita, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base delle home directory"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Il nome della libreria NSS da usare"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Stack PAM da usare"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/ja.po b/po/ja.po
-index 9056f7385..856cce635 100644
---- a/po/ja.po
-+++ b/po/ja.po
-@@ -6,13 +6,14 @@
- # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
- # Noriko Mizumoto <noriko.mizumoto@gmail.com>, 2016. #zanata
- # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
- msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2019-10-07 11:46+0000\n"
--"Last-Translator: Keiko Moriguchi <kemorigu@redhat.com>\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2020-01-14 01:48+0000\n"
-+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
- "ja/)\n"
- "Language: ja\n"
-@@ -96,7 +97,7 @@ msgid ""
- "files."
- msgstr ""
- "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
--"クトリです。"
-+"クトリーです。"
-
- #: src/config/SSSDConfig/__init__.py.in:63
- msgid "Domain to add to names without a domain component."
-@@ -168,12 +169,12 @@ msgstr "識別プロバイダーからのホームディレクトリーの値を
- msgid ""
- "Substitute empty homedir value from the identity provider with this value"
- msgstr ""
--"アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え"
--"ます"
-+"アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き換"
-+"えます"
-
- #: src/config/SSSDConfig/__init__.py.in:82
- msgid "Override shell value from the identity provider with this value"
--msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします"
-+msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします"
-
- #: src/config/SSSDConfig/__init__.py.in:83
- msgid "The list of shells users are allowed to log in with"
-@@ -210,7 +211,7 @@ msgstr "オンラインログイン中にキャッシュによるログインが
-
- #: src/config/SSSDConfig/__init__.py.in:92
- msgid "How many failed logins attempts are allowed when offline"
--msgstr "オフラインのときに許容されるログイン試行失敗回数"
-+msgstr "オフラインの時に許容されるログイン試行失敗回数"
-
- #: src/config/SSSDConfig/__init__.py.in:93
- msgid ""
-@@ -311,13 +312,14 @@ msgstr "信頼された CA 証明書のストレージへのパス"
-
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "証明書からの ssh-key の生成を許可します"
-
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングします"
-
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -419,11 +421,11 @@ msgstr "クライアントの証明書を含むファイルへのパス"
-
- #: src/config/SSSDConfig/__init__.py.in:152
- msgid "Path to file containing client's private key"
--msgstr "クライアントのプライベートキーを含むファイルへのパス"
-+msgstr "クライアントの秘密鍵を含むファイルへのパス"
-
- #: src/config/SSSDConfig/__init__.py.in:155
- msgid "Identity provider"
--msgstr "アイデンティティプロバイダー"
-+msgstr "アイデンティティープロバイダー"
-
- #: src/config/SSSDConfig/__init__.py.in:156
- msgid "Authentication provider"
-@@ -475,7 +477,7 @@ msgstr "すべてのユーザー・グループの列挙を有効にする"
-
- #: src/config/SSSDConfig/__init__.py.in:170
- msgid "Cache credentials for offline login"
--msgstr "オフラインログインのためにクレディンシャルをキャッシュする"
-+msgstr "オフラインログインのためにクレデンシャルをキャッシュする"
-
- #: src/config/SSSDConfig/__init__.py.in:171
- msgid "Display users/groups in fully-qualified form"
-@@ -498,7 +500,7 @@ msgstr "エントリーキャッシュのタイムアウト長(秒)"
- #: src/config/SSSDConfig/__init__.py.in:174
- msgid ""
- "Restrict or prefer a specific address family when performing DNS lookups"
--msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します"
-+msgstr "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します"
-
- #: src/config/SSSDConfig/__init__.py.in:175
- msgid "How long to keep cached entries after last successful login (days)"
-@@ -518,7 +520,7 @@ msgstr "単一の DNS クエリーの解決を試行する時間 (秒)"
-
- #: src/config/SSSDConfig/__init__.py.in:178
- msgid "How long to wait for replies from DNS when resolving servers (seconds)"
--msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)"
-+msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)"
-
- #: src/config/SSSDConfig/__init__.py.in:179
- msgid "The domain part of service discovery DNS query"
-@@ -561,7 +563,7 @@ msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:194
- msgid "Whether the nsupdate utility should default to using TCP"
--msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか"
-+msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか"
-
- #: src/config/SSSDConfig/__init__.py.in:195
- msgid "What kind of authentication should be used to perform the DNS update"
-@@ -632,7 +634,7 @@ msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単
-
- #: src/config/SSSDConfig/__init__.py.in:217
- msgid "If set to false, host argument given by PAM will be ignored"
--msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます"
-+msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます"
-
- #: src/config/SSSDConfig/__init__.py.in:218
- msgid "The automounter location this IPA client is using"
-@@ -649,7 +651,7 @@ msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索
- #: src/config/SSSDConfig/__init__.py.in:221
- #: src/config/SSSDConfig/__init__.py.in:239
- msgid "Enable DNS sites - location based service discovery"
--msgstr "DNS サイトの有効化 - 位置にサービス探索"
-+msgstr "DNS サイトの有効化 - 位置ベースのサービス検索"
-
- #: src/config/SSSDConfig/__init__.py.in:222
- msgid "Search base for view containers"
-@@ -720,7 +722,7 @@ msgid "Active Directory client hostname"
- msgstr "Active Directory クライアントホスト名"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "アクセス権限を決めるための LDAP フィルター"
-
-@@ -798,209 +800,218 @@ msgstr "マシンアカウントのパスワードの更新が必要となるま
- msgid "Option for tuning the machine account renewal task"
- msgstr "マシンアカウントの更新タスクをチューニングするオプション"
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos サーバーのアドレス"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Kerberos バックアップサーバーのアドレス"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos レルム"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "認証のタイムアウト"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "kdcinfo ファイルを作成するかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "krb5 設定スニペットを削除する場所"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
--msgstr "クレディンシャルのキャッシュを保存するディレクトリー"
-+msgstr "クレデンシャルのキャッシュを保存するディレクトリー"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
--msgstr "ユーザーのクレディンシャルキャッシュの位置"
-+msgstr "ユーザーのクレデンシャルキャッシュの位置"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
--msgstr "クレディンシャルを検証するキーテーブルの場所"
-+msgstr "クレデンシャルを検証するキーテーブルの場所"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
--msgstr "クレディンシャルの検証を有効にする"
-+msgstr "クレデンシャルの検証を有効にする"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "更新可能な TGT の有効期間"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "TGT の有効期間"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "更新を確認する間隔"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "FAST を有効にする"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "FAST に使用するプリンシパルを選択する"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "プリンシパル正規化を有効にする"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "エンタープライズ・プリンシパルの有効化"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング"
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, LDAP サーバーの URI"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, LDAP サーバーの URI"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "デフォルトのベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "ユーザーのパスワードの変更にモードを使用しました"
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "デフォルトのバインド DN"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "デフォルトのバインド DN の認証トークンの種類"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "デフォルトのバインド DN の認証トークン"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "接続を試行する時間"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "LDAP 同期操作を試行する時間"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "オフラインの間に再接続を試行する時間"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "レルム名に対して大文字のみを使用する"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "CA 証明書を含むファイル"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "CA 証明書のディレクトリーのパス"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "クライアント証明書を含むファイル"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "クライアントの鍵を含むファイル"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "利用可能な暗号の一覧"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "TLS 証明書の検証を要求する"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "使用する SASL メカニズムを指定する"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "使用する SASL 認可 ID を指定する"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "使用する SASL 認可レルムを指定する"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "LDAP SASL 認可の最小 SSF を指定する"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "LDAP SASL 認可の最小 SSF を指定する"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Kerberos サービスのキーテーブル"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "LDAP 接続に対して Kerberos 認証を使用する"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "LDAP リフェラルにしたがう"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "LDAP 接続の TGT の有効期間"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "エイリアスを参照解決する方法"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "DNS サービス検索のサービス名"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
--msgstr "単一の LDAP 問い合わせにおいて取得するレコード数"
-+msgstr "単一の LDAP クエリーにおいて取得するレコード数"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1008,400 +1019,400 @@ msgstr ""
- "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す"
- "るかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr "LDAP サーバーを切断する前に接続を保持する時間"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "LDAP ページング制御を無効化する"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Active Directory 範囲の取得の無効化"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "検索要求を待つ時間"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "列挙の要求を待つ時間"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "列挙の更新間隔"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "キャッシュをクリーンアップする間隔"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "ID 検索に TLS を要求する"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "ユーザー検索のベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "ユーザー検索の範囲"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "ユーザー検索のフィルター"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "ユーザーのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "ユーザー名の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "プライマリー GID の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
--msgstr "ホームディレクトリの属性"
-+msgstr "ホームディレクトリーの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "シェルの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "UUID 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "ID マッピングの Active Directory プライマリーグループ属性"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "ユーザープリンシパルの属性(Kerberos 用)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "氏名"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "変更日時の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "認可された PAM サービスを一覧化する属性"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "認可されたサーバーホストを一覧化する属性"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "認可されたサーバー rhosts を一覧化する属性"
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "AD の accountExpires 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "AD の userAccountControl 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "NDS の loginDisabled 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "NDS の loginExpirationTime 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "NDS の loginAllowedTimeMap 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "SSH 公開鍵の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "ユーザー用に許可された認証タイプを一覧化する属性"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "ユーザーの X509 証明書を含む属性"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "ユーザーの電子メールアドレスを含む属性"
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "グループ検索のベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "グループのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "グループ名"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "グループのパスワード"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "グループメンバー属性"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "グループ UUID 属性"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "グループの変更日時の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "グループおよび他のフラグのタイプ"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "LDAP グループの外部メンバーの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "SSSD が従う最大ネストレベル"
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "ネットグループ検索のベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "ネットグループのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "ネットグループ名"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "ネットグループメンバーの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "ネットグループの三つ組の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "ネットグループの変更日時の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "サービス検索のベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "サービスのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "サービス名の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "サービスポートの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "サービスプロトコルの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "ID マッピングの下限"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "ID マッピングの上限"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "ID マッピングするとき、各スライスに対する ID の数"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "ID マッピングに対するデフォルトドメインの名前"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "ID マッピングに対するデフォルトドメインの SID"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "セカンダリースライスの数"
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Token-Group を使うかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "LDAP サーバーから許可される ID の下限の設定"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "LDAP サーバーから許可される ID の上限の設定"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "ppolicy クエリーの DN"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "ワイルドカードの要求の間に取得する最大エントリーの数"
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "パスワード失効の評価のポリシー"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "どのルールがアクセス制御を評価するために使用されるか"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "パスワードの変更が許可される LDAP サーバーの URI"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "sudo ルール検索のベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "自動的な完全更新間隔"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "自動的なスマート更新間隔"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう"
- "か"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1409,134 +1420,134 @@ msgstr ""
- "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン"
- "名"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット"
- "ワーク"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "sudo ルールのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
--msgstr ""
-+msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前"
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "sudo ルール名"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "sudo ルールのコマンドの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "sudo ルールのホストの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "sudo ルールのユーザーの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "sudo ルールのオプションの属性"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "sudo ルールの runas の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "sudo ルールの runasuser の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "sudo ルールの runasgroup の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "sudo ルールの notbefore の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "sudo ルールの notafter の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "sudo ルールの order の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "automounter マップのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "オートマウントのマップ名の属性"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "automounter マップエントリーのオブジェクトクラス"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
--msgstr "automounter マップエントリーのキー属性"
-+msgstr "automounter マップエントリーの鍵属性"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "automounter マップエントリーの値属性"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "automonter のマップ検索のベース DN"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "許可ユーザーのカンマ区切り一覧"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "禁止ユーザーのカンマ区切り一覧"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "デフォルトのシェル, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "ホームディレクトリーのベース"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
--msgstr "事前にフォークされた子プロキシの数"
-+msgstr "事前にフォークされた子プロキシーの数。"
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "使用する NSS ライブラリーの名前"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "使用する PAM スタック"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "passwd ファイルソースへのパス"
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "グループファイルソースへのパス"
-
-@@ -1642,7 +1653,7 @@ msgstr "公開ソケットの所有者またはパーミッションが誤って
-
- #: src/sss_client/common.c:1085
- msgid "Unexpected format of the server credential message."
--msgstr "サーバーのクレディンシャルメッセージの予期しない形式です。"
-+msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。"
-
- #: src/sss_client/common.c:1088
- msgid "SSSD is not run by root."
-@@ -1683,7 +1694,7 @@ msgstr "root によるパスワードのリセットはサポートされませ
-
- #: src/sss_client/pam_sss.c:526
- msgid "Authenticated with cached credentials"
--msgstr "キャッシュされているクレディンシャルを用いて認証されました"
-+msgstr "キャッシュされているクレデンシャルを用いて認証されました"
-
- #: src/sss_client/pam_sss.c:527
- msgid ", your cached password will expire at: "
-@@ -1717,7 +1728,7 @@ msgstr ""
-
- #: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
- msgid "Password change failed. "
--msgstr "パスワードの変更に失敗しました。 "
-+msgstr "パスワードの変更に失敗しました。"
-
- #: src/sss_client/pam_sss.c:2008
- msgid "New Password: "
-@@ -1737,7 +1748,7 @@ msgstr "2 番目の要素 (オプション): "
-
- #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
- msgid "Second Factor: "
--msgstr "2 番目の要素: "
-+msgstr "2 番目の要素: "
-
- #: src/sss_client/pam_sss.c:2190
- msgid "Password: "
-@@ -2055,17 +2066,17 @@ msgstr "マジックプライベート "
- #: src/tools/sss_groupshow.c:615
- #, c-format
- msgid "%1$s%2$sGroup: %3$s\n"
--msgstr "%1$s%2$s グループ: %3$s\n"
-+msgstr "%1$s%2$sGroup: %3$s\n"
-
- #: src/tools/sss_groupshow.c:618
- #, c-format
- msgid "%1$sGID number: %2$d\n"
--msgstr "%1$s GID 番号: %2$d\n"
-+msgstr "%1$sGID 番号: %2$d\n"
-
- #: src/tools/sss_groupshow.c:620
- #, c-format
- msgid "%1$sMember users: "
--msgstr "%1$s メンバーユーザー: "
-+msgstr "%1$sMember ユーザー: "
-
- #: src/tools/sss_groupshow.c:627
- #, c-format
-@@ -2074,7 +2085,7 @@ msgid ""
- "%1$sIs a member of: "
- msgstr ""
- "\n"
--"%1$s は次のメンバー: "
-+"%1$sIs は次のメンバー: "
-
- #: src/tools/sss_groupshow.c:634
- #, c-format
-@@ -2083,7 +2094,7 @@ msgid ""
- "%1$sMember groups: "
- msgstr ""
- "\n"
--"%1$s メンバーグループ: "
-+"%1$sMember グループ: "
-
- #: src/tools/sss_groupshow.c:670
- msgid "Print indirect group members recursively"
-@@ -2138,7 +2149,7 @@ msgstr "SELinux ログインコンテキストをリセットできません\n"
- #, c-format
- msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
- msgstr ""
--"警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。\n"
-+"警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n"
-
- #: src/tools/sss_userdel.c:278
- msgid "Cannot determine if the user was logged in on this platform"
-@@ -2463,14 +2474,14 @@ msgid "Search by group ID"
- msgstr "グループ ID で検索"
-
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "名前 %s を構文解析できません。\n"
-+msgstr "%s を開くことに失敗しました\n"
-
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "SSSD ソケットは存在しません。"
-+msgstr "ファイル %1$s は存在しません。\n"
-
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2482,24 +2493,23 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "%s からの設定のロードに失敗しました。\n"
-
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n"
-
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"ファイル %1$s は存在しません。SSSD は、ファイルプロバイダーでデフォルトの設定"
--"を使用します。\n"
-+"設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用しま"
-+"す。\n"
-
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "バリデーターの実行に失敗しました"
-
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
-@@ -2512,14 +2522,14 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "設定のマージ中に生成されたメッセージ: %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "設定スニペットファイルを使用: %u\n"
-+msgstr "使用された設定スニペットファイル: %zu\n"
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
- msgid "Unable to create backup directory [%d]: %s"
--msgstr "バックアップディレクトリー [%d] の作成に失敗: %s"
-+msgstr "バックアップディレクトリー [%d] を作成できません: %s"
-
- #: src/tools/sssctl/sssctl_data.c:95
- msgid "SSSD backup of local data already exists, override?"
-@@ -2597,7 +2607,7 @@ msgstr ""
- #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
- #: src/tools/sssctl/sssctl_user_checks.c:95
- msgid "Unable to connect to system bus!\n"
--msgstr "システムバスに接続できません!\n"
-+msgstr "システムバスに接続できません。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Online"
-@@ -2613,9 +2623,8 @@ msgid "Online status: %s\n"
- msgstr "オンライン状態: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "アクティブサーバーに関する情報の表示"
-+msgstr "このドメインには、アクティブなサーバーはありません。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2627,12 +2636,12 @@ msgstr "接続していません"
-
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "サーバーが見つかりません。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
- msgid "Discovered %s servers:\n"
--msgstr "%s サーバーを発見:\n"
-+msgstr "%s サーバーが見つかりました:\n"
-
- #: src/tools/sssctl/sssctl_domains.c:285
- msgid "None so far.\n"
-@@ -2648,7 +2657,7 @@ msgstr "アクティブサーバーに関する情報の表示"
-
- #: src/tools/sssctl/sssctl_domains.c:327
- msgid "Show list of discovered servers"
--msgstr "発見されたサーバーに関する一覧を表示"
-+msgstr "見つかったサーバーに関する一覧を表示"
-
- #: src/tools/sssctl/sssctl_domains.c:333
- msgid "Specify domain name."
-@@ -2656,7 +2665,7 @@ msgstr "ドメイン名を指定します。"
-
- #: src/tools/sssctl/sssctl_domains.c:355
- msgid "Out of memory!\n"
--msgstr "メモリの空き容量がありません。\n"
-+msgstr "メモリーの空き容量がありません。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
- msgid "Unable to get online status\n"
-@@ -2692,12 +2701,12 @@ msgstr "ログファイルの切り捨てができません\n"
-
- #: src/tools/sssctl/sssctl_logs.c:286
- msgid "Out of memory!"
--msgstr "メモリの空き容量がありません。"
-+msgstr "メモリーの空き容量がありません。"
-
- #: src/tools/sssctl/sssctl_logs.c:289
- #, c-format
- msgid "Archiving log files into %s...\n"
--msgstr "ログファイルを %s へアーカイブ...\n"
-+msgstr "ログファイルを %s へアーカイブ中...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:292
- msgid "Unable to archive log files\n"
-@@ -2851,7 +2860,9 @@ msgstr ""
- msgid ""
- "testing pam_acct_mgmt\n"
- "\n"
--msgstr "pam_acct_mgmt のテスト中\n"
-+msgstr ""
-+"pam_acct_mgmt のテスト中\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:284
- #, c-format
-@@ -2883,7 +2894,9 @@ msgstr ""
- msgid ""
- "testing pam_open_session\n"
- "\n"
--msgstr "pam_open_session のテスト中\n"
-+msgstr ""
-+"pam_open_session のテスト中\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:292
- #, c-format
-@@ -2898,7 +2911,9 @@ msgstr ""
- msgid ""
- "testing pam_close_session\n"
- "\n"
--msgstr "pam_close_session のテスト中\n"
-+msgstr ""
-+"pam_close_session のテスト中\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:296
- #, c-format
-diff --git a/po/nb.po b/po/nb.po
-index 4b616074d..39289bb60 100644
---- a/po/nb.po
-+++ b/po/nb.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:46+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Tjeneradresse for Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-område"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Tidsavbrudd for autentisering"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/nl.po b/po/nl.po
-index 7c9399f67..75a6bc564 100644
---- a/po/nl.po
-+++ b/po/nl.po
-@@ -13,7 +13,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:47+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
-@@ -740,7 +740,7 @@ msgid "Active Directory client hostname"
- msgstr "Active Directory cliënt hostnaam"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP-filter om toegangsprivileges mee te bepalen"
-
-@@ -811,217 +811,226 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos-serveradres"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Kerberos back-up server adres"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-rijk"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Authenticatie timeout"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Moeten kdcinfo bestanden aangemaakt worden"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Werkmap waar authenticatiegegevens opgeslagen worden"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Locatie van de authenticatiecache van de gebruiker"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Locatie van de keytab om authenticatiegegevens te valideren"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Schakel authenticatiegegevensvalidatie in"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Sla het wachtwoord op indien offline voor later gebruik bij online "
- "authenticatie"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Vernieuwbare levensduur van de TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Levensduur van de TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Tijd tussen twee checks voor vernieuwing"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Zet FAST aan"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST "
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Zet hoofdpersoon sanctioneren aan"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Zet enterprise principals aan"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, de URI van de LDAP server"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, De URI van de LDAP server"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "De standaard base DN"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "De standaard bind DN"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Het type authenticatietoken van de standaard bind DN"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Het authenticatietoken van de standaard bind DN"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Hoe lang pogen te verbinden"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Hoe lang proberen synchroon LDAP te benaderen"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens "
- "offline zijn"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Gebruik alleen hoofdletters voor gebiedsnamen"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Bestand dat de bekende CA-certificaten bevat"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Pad naar de CA-certificatenmap"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Bestand dat het client certificaat bevat"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Bestand dat de client sleutel bevat"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lijst van mogelijke sleutel suites"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Vereis verificatie van het TLS-certificaat"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Specificeer het te gebruiken sasl autorisatiegebied "
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Kerberos service keytab"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Volg LDAP-doorverwijzingen"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Levensduur van TGT voor LDAP-connectie"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Hoe moet de alias referentie verwijderd worden"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Service naam voor DNS service opzoeken"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Het aantal leden van moet ontbreken om een volledige de-referentie te "
- "veroorzaken"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1029,382 +1038,382 @@ msgstr ""
- "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te "
- "autoriseren tijdens een SASL binding"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het "
- "losgekoppeld wordt"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Het LDAP paging besturingselement uitschakelen"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Zet Active Directory bereik opvragen uit"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tijd om te wachten op een zoekopdracht"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Tijdsduur te wachten voor een opsommingsverzoek"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Tijd om te wachten tussen enumeratie-updates"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Tijdsduur tussen cache opschoningen"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Vereis TLS voor het opzoeken van ID's"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN voor het opzoeken van gebruikers"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Scope voor het opzoeken van gebruikers"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter voor het opzoeken van gebruikers"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass voor gebruikers"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Username-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Primair GID-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Gebruikersmap-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Shell-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Active Directory primaire groep attribuut voor ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Userprincipal-attribuut (voor Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Volledige naam"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Modification time-attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribuut voor tonen van geautoriseerde PAM services"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Attribuut dat geautoriseerde server hosts toont"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "accountExpires attribuut van AD"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "userAccountControl attribuut van AD"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "loginDisabled attribuut van NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "loginExpirationTime attribuut van NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "loginAllowedTimeMap attribuut van NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "SSH publieke sleutel attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Basis DN voor groep opzoeken"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Objectklasse voor groepen"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Groepsnaam"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Groep wachtwoord"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Groep deelnemer attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Verandertijd attribuut voor groepen"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Basis DN voor netgroep opzoeken"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Objectklasse voor netgroepen"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Netgroep naam"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Netgroep leden attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Netgroep triple attibuut"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Verandertijd attribuut voor netgroepen"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Basis DN voor service lookups"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objectclass voor services"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Service naam attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Service port attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Service protocol attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Ondergrens voor ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Bovengrens voor ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Aantal ID's voor elk segment bij ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Naam van het standaard domein voor ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID van het standaard domein voor ID-mapping"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Policy om wacthwoordverloop mee te evalueren"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Welke attributen worden gebruikt voor evaluatie als het account verlopen is"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "DNS service naam voor LDAP wachtwoord verander server"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1412,23 +1421,23 @@ msgstr ""
- "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een "
- "wachtwoordwijziging"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Basis DN voor sudo regels lookups"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Automatische volledige ververs periode"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Automatische slimme ververs periode"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1436,137 +1445,137 @@ msgstr ""
- "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor "
- "het filteren van sudo regels"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo "
- "regels"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut "
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Moeten regels toegevoegd worden die regulaire expressie bevatten in host "
- "attribuut "
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objectklasse voor sudo regels"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Sudo regelnaam"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Sudo regel opdracht attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Sudo regel host attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Sudo regel gebruiker attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Sudo regel optie attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Sudo regel runasuser attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Sudo regel runasgroup attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Sudo regel notbefore attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Sudo regel notafter attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Sudo regel volgorde attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Object class voor automounter maps"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Automounter map naam attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objectklasse voor automounter map ingaven"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Automounter map sleutel ingave attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Automounter map ingavewaarde attribuut"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Basis DN voor automounter kaart opzoeken"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Kommagescheiden lijst van toegestane gebruikers"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Kommagescheiden lijst van geweigerde gebruikers"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Standaard shell, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Basis voor gebruikersmappen"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "De naam van de NSS-bibliotheek die gebruikt wordt"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden "
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "PAM-stack die gebruikt wordt"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/pl.po b/po/pl.po
-index c5ca94f8e..e52db1707 100644
---- a/po/pl.po
-+++ b/po/pl.po
-@@ -14,8 +14,8 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2019-08-26 02:06+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2019-12-02 12:32+0000\n"
- "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
- "Language-Team: Polish (http://www.transifex.com/projects/p/sssd/language/"
- "pl/)\n"
-@@ -333,13 +333,15 @@ msgstr "Ścieżka do miejsca przechowywania zaufanych certyfikatów CA"
-
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "Zezwala na tworzenie kluczy SSH z certyfikatów"
-
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"Używa poniższych reguł dopasowania do filtrowania certyfikatów do tworzenia "
-+"kluczy SSH"
-
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -765,7 +767,7 @@ msgid "Active Directory client hostname"
- msgstr "Nazwa komputera klienta Active Directory"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtr LDAP do określenia uprawnień dostępu"
-
-@@ -848,214 +850,223 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr "Opcja dostrajania zadania odnawiania konta komputera"
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adres serwera Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adres zapasowego serwera Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Obszar Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Czas oczekiwania na uwierzytelnienie"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Określa, czy tworzyć pliki kdcinfo"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Gdzie umieścić wstawki konfiguracji krb5"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Włącza sprawdzanie danych uwierzytelniających"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia "
- "w trybie online"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Odnawialny czas trwania TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Czas trwania TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Czas między dwoma sprawdzaniami odnowy"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Włącza FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Wybiera naczelnika do użycia dla FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Włącza ujednolicanie naczelnika"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Włącza naczelników enterprise"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
- "się w KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, adres URI serwera LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, adres URI serwera LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Domyślna podstawowa DN"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Tryb używany do zmiany hasła użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Domyślne DN dowiązania"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Token uwierzytelniania domyślnego DN dowiązania"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Czas do próby połączenia"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Czas do próby synchronicznych działań LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Czas między próbami ponownego połączenia w trybie offline"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Użycie tylko wielkich znaków w nazwach obszarów"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Plik zawierający certyfikaty CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Ścieżka do katalogu certyfikatów CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Plik zawierający certyfikat klienta"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Plik zawierający klucz klienta"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista możliwych zestawów szyfrów"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Wymaga sprawdzenia certyfikatu TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Podaje używany mechanizm SASL"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Podaje używany identyfikator upoważnienia SASL"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Podaje obszar upoważnienia SASL do użycia"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Tablica kluczy usługi Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Podąża za odsyłaniami LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Czas trwania TGT dla połączenia LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Jak wskazywać aliasy"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nazwa usługi do wyszukiwań usługi DNS"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr "Suma liczb, których musi brakować, aby wywołać pełne „deref”"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1063,381 +1074,381 @@ msgstr ""
- "Określa, czy biblioteka LDAP ma wykonywać odwrotne wyszukanie, aby "
- "ujednolicić nazwę komputera podczas dowiązania SASL"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "Atrybut entryUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "Atrybut lastUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Wyłącza kontrolę stronicowania LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Wyłącza pobieranie zakresu Active Directory"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Czas oczekiwania na żądanie wyszukiwania"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Czas oczekiwania na żądanie wyliczenia"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Czas między aktualizacjami wyliczania"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Czas między czyszczeniem pamięci podręcznej"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych "
- "identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Podstawowe DN dla wyszukiwania użytkowników"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Zakres wyszukiwania użytkowników"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtruje wyszukiwania użytkowników"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Klasa obiektów dla użytkowników"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atrybut nazwy użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atrybut UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Pierwszy atrybut GID"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atrybut GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atrybut katalogu domowego"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atrybut powłoki"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "Atrybut UUID"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "Atrybut objectSID"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atrybut głównego użytkownika (dla Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Imię i nazwisko"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atrybut memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atrybut czasu modyfikacji"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "Atrybut shadowLastChange"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "Atrybut shadowMin"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "Atrybut shadowMax"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "Atrybut shadowWarning"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "Atrybut shadowInactive"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "Atrybut shadowExpire"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "Atrybut shadowFlag"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Atrybut zawierający listę upoważnionych rhosts serwera"
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "Atrybut krbLastPwdChange"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "Atrybut krbPasswordExpiration"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "Atrybut accountExpires AD"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "Atrybut userAccountControl AD"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "Atrybut nsAccountLock"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "Atrybut loginDisabled NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "Atrybut loginExpirationTime NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "Atrybut loginAllowedTimeMap NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Atrybut klucza publicznego SSH"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- "atrybut zawierający listę dozwolonych typów uwierzytelniania dla użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "atrybut zawierający certyfikat X509 użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "atrybut zawierający adres e-mail użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr "Lista dodatkowych atrybutów do pobrania razem z wpisem użytkownika"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Podstawowe DN dla wyszukiwania grup"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Klasa obiektów dla grup"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nazwa grupy"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Hasło grupy"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Atrybut GID"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Atrybut elementu grupy"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Atrybut UUID grupy"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Atrybut czasu modyfikacji grup"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Typ grupy i inne flagi"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "Atrybut zewnętrznego członka grupy LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Klasa obiektów dla grup sieciowych"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nazwa grupy sieciowej"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Atrybut elementów grupy sieciowej"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Potrójny atrybut grupy sieciowej"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Atrybut czasu modyfikacji grup sieciowych"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Podstawowe DN do wyszukiwania usług"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Klasa obiektów dla usług"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Atrybut nazwy usługi"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Atrybut portu usługi"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Atrybut protokołu usługi"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Niższa granica dla mapowania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Wyższa granica dla mapowania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- "Liczba identyfikatorów dla każdego fragmentu podczas mapowania "
- "identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID domyślnej domeny dla mapowania identyfikatorów"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Liczba drugorzędnych fragmentów"
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Czy używać Token-Groups"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN dla zapytań polityki"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "Ile maksymalnie wpisów pobierać podczas żądania z wieloznacznikiem"
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Polityka do oszacowania wygaszenia hasła"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "Które atrybuty mają być używane do sprawdzenia, czy konto wygasło"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Które reguły mają być używane do sprawdzania kontroli dostępu"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1445,24 +1456,24 @@ msgstr ""
- "Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie "
- "hasła"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Podstawowe DN dla wyszukiwań reguł sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Okres między automatycznymi pełnymi odświeżeniami"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Okres między automatycznymi inteligentnymi odświeżeniami"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1470,138 +1481,138 @@ msgstr ""
- "Nazwy komputerów lub w pełni kwalifikowane nazwy domen tego komputera do "
- "filtrowania reguł sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie "
- "komputera"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Klasa obiektów dla reguł sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
--msgstr ""
-+msgstr "Nazwa atrybutu używanego jako klasa obiektów dla reguł sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Nazwa reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Atrybut polecenia reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Atrybut komputera reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Atrybut użytkownika reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Atrybut opcji reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Atrybut runas reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Atrybut runasuser reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Atrybut runasgroup reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Atrybut notbefore reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Atrybut notafter reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Atrybut kolejności reguły sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Klasa obiektów dla map automountera"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Atrybut nazwy mapy automountera"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Klasa obiektów dla wpisów map automountera"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Atrybut klucza wpisu mapy automountera"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Atrybut wartości wpisu mapy automountera"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Podstawowe DN dla wyszukiwań map automountera"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Domyślna powłoka, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Podstawa katalogów domowych"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Liczba elementów potomnych pośrednika przed rozwidleniem."
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Nazwa używanej biblioteki NSS"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli "
- "to możliwe"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Używany stos PAM"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Ścieżka źródeł pliku „passwd”."
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Ścieżka źródeł pliku „group”."
-
-@@ -2533,14 +2544,14 @@ msgid "Search by group ID"
- msgstr "Wyszukuje według identyfikatorów grup"
-
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Nie można przetworzyć nazwy %s.\n"
-+msgstr "Otwarcie %s się nie powiodło\n"
-
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "Gniazdo SSSD nie istnieje."
-+msgstr "Plik %1$s nie istnieje.\n"
-
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2552,24 +2563,23 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "Wczytanie konfiguracji z %s się nie powiodło.\n"
-
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "Błąd podczas odczytywania katalogu konfiguracji.\n"
-
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Plik %1$s nie istnieje. Usługa SSSD użyje domyślnej konfiguracji z dostawcą "
-+"Nie ma konfiguracji. Usługa SSSD użyje domyślnej konfiguracji z dostawcą "
- "plików.\n"
-
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "Uruchomienie programów sprawdzających poprawność się nie powiodło"
-
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
-@@ -2582,9 +2592,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Komunikaty utworzone podczas łączenia konfiguracji: %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Użyte pliki wstawek konfiguracji: %u\n"
-+msgstr "Użyte pliki wstawek konfiguracji: %zu\n"
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2681,9 +2691,8 @@ msgid "Online status: %s\n"
- msgstr "Stan online: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Wyświetla informacje o aktywnym serwerze"
-+msgstr "Ta domena nie ma aktywnych serwerów.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2695,7 +2704,7 @@ msgstr "nie połączono"
-
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "Nie wykryto żadnych serwerów.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
-diff --git a/po/pt.po b/po/pt.po
-index 6f983d38a..de61e356f 100644
---- a/po/pt.po
-+++ b/po/pt.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:47+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
-@@ -703,7 +703,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -774,739 +774,748 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Endereço do servidor Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Reino Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Tempo de expiração da autenticação"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directório para armazenar as caches de credenciais"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Localização da cache de credenciais dos utilizadores"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Activar validação de credenciais"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Servidor onde está em execução o serviço de alteração de senha, se não "
- "coincide com o KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, O URI do servidor LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "A base DN por omissão"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "O DN por omissão para a ligação"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "O tipo de token de autenticação do bind DN por omissão"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "O token de autenticação do bind DN por omissão"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Período de tempo para tentar ligação"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Tempo de espera para tentar operações LDAP síncronas"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Ficheiro que contêm os certificados CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Caminho para o directório do certificado CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Obriga a verificação de certificados TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Especificar mecanismo sasl a utilizar"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Especifique o id sasl para utilizar na autorização"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Especifique o id sasl para utilizar na autorização"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Separador chave do serviço Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Seguir os referrals LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tempo de espera por um pedido de pesquisa"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Período de tempo entre enumeração de actualizações"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Requer TLS para consultas de ID"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "DN base para pesquisa de utilizadores"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Âmbito das pesquisas do utilizador"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtro para as pesquisas do utilizador"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass para utilizadores"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atributo do nome do utilizador"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atributo UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Atributo GID primário"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atributo GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atributo da pasta pessoal"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atributo da Shell"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atributo principal do utilizador (para Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nome Completo"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atributo memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atributo da alteração da data"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Politica para avaliar a expiração da senha"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista de utilizadores autorizados separados por vírgulas"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista de utilizadores não autorizados separados por vírgulas"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell pré-definida, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Directório base para as pastas pessoais"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "O nome da biblioteca NSS a utilizar"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Stack PAM a utilizar"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/pt_BR.po b/po/pt_BR.po
-index dc03ba658..3a0f0a15a 100644
---- a/po/pt_BR.po
-+++ b/po/pt_BR.po
-@@ -3,7 +3,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2015-10-27 08:15+0000\n"
- "Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
- "Language-Team: Portuguese (Brazil)\n"
-@@ -689,7 +689,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -760,737 +760,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/ru.po b/po/ru.po
-index d8e586b20..8af743d55 100644
---- a/po/ru.po
-+++ b/po/ru.po
-@@ -9,7 +9,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2016-02-23 10:04+0000\n"
- "Last-Translator: Oleksii Levan <exlevan@gmail.com>\n"
- "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -720,7 +720,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Фильтр LDAP для определения прав доступа"
-
-@@ -791,740 +791,749 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Имя сервера Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Область действия Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Тайм-аут проверки подлинности"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Каталог для хранения кэшей учётных данных"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Расположения кэша учётных данных пользователей"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Расположение keytab-файла для проверки учётных данных"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Включить проверку учётных данных"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "При отсутствии соединения сохранить пароль и пройти аутентификацию позже"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI сервера LDAP "
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Base DN по умолчанию"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Bind DN по умолчанию"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Маркер проверки подлинности для bind DN по умолчанию"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Временной интервал для попытки соединения"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Временной интервал для попытки синхронизации операций LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Временной интервал между попытками возобновления соединения в автономного "
- "режиме"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Файл содержащий сертификаты CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Путь к каталогу с сертификатами CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Требуется проверка сертификата TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Укажите механизм sasl"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Укажите идентификатор авторизации sasl"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Укажите идентификатор авторизации sasl"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Keytab-файл службы Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Следовать ссылкам LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Время жизни TGT для LDAP-соединений"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Временной интервал между обновлениями перечисления"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Требовать TLS для запросов ID"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN для поиска"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Глубина поиска"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Фильтр поиска"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass для пользователей"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Атрибут «username»"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Атрибут «UID»"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Атрибут «primary GID»"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Атрибут «GECOS»"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Атрибут домашнего каталога"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Атрибут оболочки"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Атрибут участника-пользователя (для Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Полное имя"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Атрибут memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Атрибут времени изменения"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Политика вычисления окончания срока действия пароля"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Разделённый запятыми список разрешённых пользователей"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Разделённый запятыми список запрещённых пользователей"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Оболочка по умолчанию, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Место для домашних каталогов"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Имя используемой библиотеки NSS"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Используемый стек PAM"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/sssd.pot b/po/sssd.pot
-index 8c0091882..2270e49d6 100644
---- a/po/sssd.pot
-+++ b/po/sssd.pot
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
- "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
- "Language-Team: LANGUAGE <LL@li.org>\n"
-@@ -692,7 +692,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -763,737 +763,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/sv.po b/po/sv.po
-index 646f33eee..243c4e2d9 100644
---- a/po/sv.po
-+++ b/po/sv.po
-@@ -11,7 +11,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2019-09-29 04:12+0000\n"
- "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
- "Language-Team: Swedish (http://www.transifex.com/projects/p/sssd/language/"
-@@ -742,7 +742,7 @@ msgid "Active Directory client hostname"
- msgstr "Active Directory-klientvärdnamn"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP-filter för att bestämma åtkomstprivilegier"
-
-@@ -825,210 +825,219 @@ msgstr "Maximal ålder i dagar innan maskinkontots lösenord skall förnyas"
- msgid "Option for tuning the machine account renewal task"
- msgstr "Flagga för att trimma maskinkontots förnyelseuppgift"
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adress till Kerberosserver"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adress till reservserver för Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberosrike"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Autentiseringstidsgräns"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Huruvida kdcinfo-filer skall skapas"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Var konfigurationssnuttar för krb5 skall läggas"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Katalog att lagra kreditiv-cachar i"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Plats för användarens kreditiv-cache"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Plats för nyckeltabellen för att validera kreditiv"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Aktivera validering av kreditiv"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Förnybar livstid för TGT:n"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Livstid för TGT:n"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Tid mellan två kontroller av förnyelse"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Aktiverar FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Väljer huvudman att använda för FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Aktivera kanonisk form av huvudman"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Aktiverar företagshuvudmän"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "En översättning från användarnamn till Kerberos huvudmansnamn"
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI:n för LDAP-servern"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, URI:n för LDAP-servern"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Standard bas-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Schematypen som används i LDAP-servern, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Läge som används för att ändra användares lösenord"
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Standard bindnings-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Typen på autentiserings-token för standard bindnings-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Autentiserings-token för standard bindnings-DN"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Tidslängd att försöka ansluta"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Tidslängd att försöka synkrona LDAP-operationer"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Tidslängd mellan försök att återansluta vid frånkoppling"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Använd endast versaler för namn på riken"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Fil som innehåller CA-certifikat"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Sökväg till katalogen med CA-certifikat"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fil som innehåller klientcertifikatet"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fil som innehåller klientnyckeln"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista över möjliga chiffersviter"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Kräv TLS-certifikatverifiering"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Ange sasl-mekanismen att använda"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Ange sasl-auktorisering-id att använda"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Ange sasl-auktoriseringsrike att använda"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Ange minsta SSF för LDAP-sasl-auktorisering"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Ange minsta SSF för LDAP-sasl-auktorisering"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Kerberostjänstens nyckeltabell"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Använd Kerberosautentisering för LDAP-anslutningar"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Följer LDAP-hänvisningar"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Livslängd på TGT för LDAP-anslutning"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Hur alias skall derefereras"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Tjänstenamn för uppslagning av DNS-tjänster"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1036,377 +1045,377 @@ msgstr ""
- "Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram "
- "värdnamnets kanoniska form under en SASL-bindning"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Avaktivera flödesstyrningen (paging) av LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Avaktivera Active Directorys intervallhämtande"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tidslängd att vänta på en sökbegäran"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Tidslängd att vänta på en uppräkningsbegäran"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Tidslängd mellan uppräkningsuppdateringar"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Tidslängd mellan cache-tömningar"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Kräv TLS för ID-uppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "Använd ID-översättning av objectSID istället för förhandssatta ID:n"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Bas-DN för användaruppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Omfång av användaruppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter för användaruppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objektklass för användare"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Användarnamnsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Primärt GID-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Hemkatalogattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Skalattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "UUID-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Primärt gruppattribut i Active Directory för ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Användarens huvudmansattribut (för Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Fullständigt namn"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "medlemAv-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Modifieringstidsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "attributet shadowLastChange"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribut för listning av auktoriserade PAM-tjänster"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Attribut för listning av auktoriserade servervärdar"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Attribut för listning av auktoriserade server-rhosts"
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "attributet krbLastPwdChange"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "AD:s attribut accountExpires"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "AD:s attribut userAccountControl"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "attributet nsAccountLock"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "NDS attribut loginDisabled"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "NDS attribut loginExpirationTime"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "NDS attribut loginAllowedTimeMap"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Attribut för publik SSH-nyckel"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "attribut för listning av tillåtna autentiseringstyper för en användare"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "attribut som innehåller användarens X509-certifikat"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "attribut som innehåller e-postadresser till användaren"
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr "En lista över extra attribut att hämta tillsammans med användarposten"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Bas-DN för gruppuppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Objektklass för grupper"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Gruppnamn"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Grupplösenord"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Gruppmedlemsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Grupp-UUID-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Modifieringstidsattribut för grupper"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Typen av grupp och andra flaggor"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "LDAP-gruppens externa medlemsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Maximal nästlingsnivå SSSD kommer följa"
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Bas-DN för nätgruppuppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Objektklass för nätgrupper"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nätgruppnamn"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Attribut på nätgruppmedlemmar"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Attribut på nätgruppstripplar"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Modifieringstidsattribut för nätgrupper"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Bas-DN för tjänsteuppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objektklass för tjänster"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Tjänstenamnsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Tjänsteportsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Tjänsteprotokollsattribut"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Undre gräns för ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Övre gräns för ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Antal ID:n till varje skiva vid ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Använd en autorid-kompatibel algoritm för ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Standarddomänens namn för ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "Standarddomänens SID för ID-mappning"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Antal sekundära skivor"
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Huruvida Token-Groups skall användas"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN för ppolicy-frågor"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "Hur många poster att maximalt hämta i en joker-begäran"
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Policy för att utvärdera utgång av lösenord"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1414,24 +1423,24 @@ msgstr ""
- "Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en "
- "ändring av lösenord"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Bas-DN för regeluppslagningar"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Intervall mellan automatisk fullständig omläsning"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Intervall mellan automatisk smart omläsning"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1439,137 +1448,137 @@ msgstr ""
- "Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för "
- "att filtrera sudo-regler"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera "
- "sudo-regler"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Huruvida regler som innehåller reguljära uttryck i värdattribut skall "
- "inkluderas"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objektklass för sudo-regler"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Sudo-regelnamn"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Attribut för sudo-regelkommandon"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Attribut för sudo-regelvärd"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Attribut för sudo-regelanvändare"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Attribut för sudo-regelflaggor"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Sudo-regel-runas-attribut"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Attribut för sudo-runasuser"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Attribut på runasgroup i sudo-regel"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Attribut för sudo-notbefore-regler"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Attribut för sudo-notafter-regler"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Attribut för sudo-order-regler"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objektklass för avbildningar för automatmonterare"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Attribut för namn i avbildningar för automatmonterare"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objektklass för poster i avbildningar för automatmonterare"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Attribut för postnycklar i avbildningar för automatmonterare"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Attribut på postvärde i avbildning för automatmonteraren"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Bas-DN för uppslagningar i avbildningar för automatmonterare"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Kommaseparerad lista över tillåtna användare"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Kommaseparerad lista över förbjudna användare"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Standardskal, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Bas för hemkataloger"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Antal ombudsbarn före grening"
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Namnet på NSS-biblioteket att använda"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "PAM-stack att använda"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Sökväg till lösenordsfilkällor."
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Sökväg till gruppfilkällor."
-
-@@ -2494,14 +2503,14 @@ msgid "Search by group ID"
- msgstr "Sök via grupp-ID"
-
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Kan inte tolka namnet %s.\n"
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "SSSD-uttaget finns inte."
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2520,13 +2529,10 @@ msgid "Error while reading configuration directory.\n"
- msgstr ""
-
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Filen %1$s finns inte. SSSD kommer använda standardkonfigurationen med "
--"filleverantörer.\n"
-
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
-@@ -2543,9 +2549,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Meddelanden genererade under sammanslagning av konfigurationen: %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Använda konfigurationssnuttfiler: %u\n"
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2641,9 +2647,8 @@ msgid "Online status: %s\n"
- msgstr "Uppkopplingsstatus: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Visa information om aktiv server"
-+msgstr ""
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-diff --git a/po/tg.po b/po/tg.po
-index 5009cf304..70e00714a 100644
---- a/po/tg.po
-+++ b/po/tg.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:48+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
-@@ -694,7 +694,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -765,737 +765,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Номи гурӯҳ"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Пароли гурӯҳ"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Аттрибути GID"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/tr.po b/po/tr.po
-index f05e7dca8..a4ba1533f 100644
---- a/po/tr.po
-+++ b/po/tr.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:49+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Turkish (http://www.transifex.com/projects/p/sssd/language/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos sunucu adresi"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/uk.po b/po/uk.po
-index 098e0d472..3e73effbc 100644
---- a/po/uk.po
-+++ b/po/uk.po
-@@ -14,8 +14,8 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2019-08-16 05:48+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2019-12-02 08:43+0000\n"
- "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
- "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
- "uk/)\n"
-@@ -345,13 +345,15 @@ msgstr "Шлях до сховища надійних сертифікатів
-
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "Дозволити створення ключів SSH з сертифікатів"
-
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"Використати вказані нижче відповідні правила для фільтрування сертифікатів "
-+"для створення ключів SSH"
-
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -788,7 +790,7 @@ msgid "Active Directory client hostname"
- msgstr "Назва клієнтського вузла Active Directory"
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Фільтр LDAP для визначення прав доступу"
-
-@@ -875,216 +877,226 @@ msgid "Option for tuning the machine account renewal task"
- msgstr ""
- "Параметр налаштовування завдання оновлення облікових записів комп’ютерів"
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Адреса сервера Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Адреса резервного сервера Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Область Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Час очікування на розпізнавання"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Визначає, чи слід створювати файли kdcinfo"
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Місце, куди слід скидати фрагменти налаштувань krb5"
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Адреса кешу реєстраційних даних користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Увімкнути перевірку реєстраційних даних"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Поновлюваний строк дії TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Строк дії TGT"
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Граничний час між двома перевірками для поновлення"
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Вмикає FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Визначає реєстраційний запис, який слід використовувати для FAST"
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Вмикає перетворення реєстраційних записів у канонічну форму"
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Увімкнути промислові реєстраційні дані"
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "Прив’язка імен користувачів до основних імен Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
- "виявити у KDC"
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, адреса URI сервера LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, адреса сервера LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Типова базова назва домену"
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Режим для зміни пароля користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Типова назва домену прив’язки"
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Тип розпізнавання для типової назви сервера прив’язки"
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Лексема розпізнавання типової назви сервера прив’язки"
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Проміжок часу між спробами встановлення з’єднання"
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Проміжок часу між повторними спробами встановлення з’єднання у автономному "
- "режимі"
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Використовувати для назв областей лише великі літери"
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Файл, що містить сертифікати CA"
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Шлях до каталогу сертифікатів CA"
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Файл, що містить клієнтський сертифікат"
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Файл, що містить клієнтський ключ"
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Показати список можливих інструментів шифрування"
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Потрібна перевірка сертифіката TLS"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Вкажіть механізм SASL, який слід використовувати"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Вкажіть область уповноваження SASL, яку слід використовувати"
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Таблиця ключів служби Kerberos"
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Розпізнавання Kerberos для з’єднання LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Переходити за посиланнями LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Строк дії TGT для з’єднання LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Спосіб розіменування псевдонімів"
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Назва служби для пошуків за допомогою служби DNS"
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Кількість учасників, яких має не вистачати для вмикання повного скасування "
- "посилань"
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1092,390 +1104,390 @@ msgstr ""
- "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою "
- "переведення назв вузлів у канонічну форму під час прив’язки до SASL"
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "Атрибут entryUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "Атрибут lastUSN"
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням"
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Вимкнути контроль сторінок у LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Вимкнути отримання діапазонів Active Directory"
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Тривалість очікування на дані запиту пошуку"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Тривалість очікування на дані запиту щодо переліку"
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Проміжок часу між оновленнями нумерації"
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Проміжок часу між спорожненнями кешу"
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Вимагати TLS для пошуків ідентифікаторів"
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Використовувати відповідності ідентифікаторів objectSID замість попередньо "
- "встановлених ідентифікаторів"
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Базова назва домену для пошуків користувачів"
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Діапазон пошуків користувачів"
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Фільтр пошуку користувачів"
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Клас об’єктів для користувачів"
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Атрибут імені користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Атрибут UID"
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Головний атрибут GID"
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Атрибут GECOS"
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Атрибут домашнього каталогу"
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Атрибут оболонки"
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "Атрибут UUID"
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "Атрибут objectSID"
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- "Атрибут основної групи Active Directory для встановлення відповідності "
- "ідентифікатора"
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Повне ім'я"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Атрибут memberOf"
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Атрибут часу зміни"
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "Атрибут shadowLastChange"
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "Атрибут shadowMin"
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "Атрибут shadowMax"
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "Атрибут shadowWarning"
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "Атрибут shadowInactive"
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "Атрибут shadowExpire"
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "Атрибут shadowFlag"
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Атрибути зі списком уповноважених служб PAM"
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Атрибути зі списком уповноважених серверних вузлів"
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Атрибути зі списком уповноважених серверних r-вузлів"
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "Атрибут krbLastPwdChange"
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "Атрибут krbPasswordExpiration"
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "Атрибут accountExpires AD"
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "Атрибут userAccountControl AD"
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "Атрибут nsAccountLock"
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "Атрибут loginDisabled NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "Атрибут loginExpirationTime NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "Атрибут loginAllowedTimeMap NDS"
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Атрибут відкритого ключа SSH"
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "атрибут зі списком дозволених типів розпізнавання для користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "атрибут, що містить сертифікат X509 користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "атрибут, що містить адресу електронної пошти користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Список додаткових атрибутів, які слід отримувати разом із записом користувача"
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Базова назва домену для пошуків груп"
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Клас об’єктів для груп"
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Назва групи"
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Пароль групи"
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Атрибут GID"
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Атрибут членства у групі"
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Атрибут UUID групи"
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Атрибут часу зміни для груп"
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Тип групи та інші прапорці"
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "Атрибут групи LDAP зовнішнього учасника"
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Базова назва домену для пошуків груп у мережі"
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Клас об’єктів для груп у мережі"
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Назва мережевої групи"
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Атрибут членства у групах у мережі"
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Атрибут трійки груп у мережі"
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Атрибут часу зміни для мережевих груп"
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Базова сервер назв домену для пошуку служб"
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Клас об’єктів для служб"
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Атрибут назви служби"
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Атрибут порту служби"
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Атрибут протоколу служби"
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Нижня межа встановлення відповідності ідентифікатора"
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Верхня межа встановлення відповідності ідентифікатора"
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- "Кількість ідентифікаторів для кожного зрізу під час встановлення "
- "відповідності ідентифікаторів"
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- "Використовувати для встановлення відповідності ідентифікаторів алгоритм, "
- "сумісний з autorid"
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Назва типового домену для встановлення відповідності ідентифікаторів"
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID типового домену для встановлення відповідності ідентифікаторів"
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Кількість вторинних зрізів"
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Визначає, чи слід використовувати крупи реєстраційних записів"
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN для запитів щодо ppolicy"
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- "Максимальна кількість записів для отримання під час обробки запитів із "
- "замінниками"
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Правила оцінки завершення строку дії пароля"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Атрибути які слід використовувати для визначення чинності облікового запису"
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- "Правила, які має бути використано для визначення достатності прав доступу"
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів"
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Назва у службі DNS сервера зміни паролів LDAP"
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1483,25 +1495,25 @@ msgstr ""
- "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після "
- "зміни пароля"
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Базова назва домену для пошуків правил sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Період автоматичного повного оновлення даних"
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Період автоматичного кмітливого оновлення даних"
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та "
- "мережами"
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1509,141 +1521,141 @@ msgstr ""
- "Назви вузлів і/або повні назви у домені для цього комп’ютера для "
- "фільтрування списку правил sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку "
- "правил sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Визначає, чи слід включати правила, що містять мережеву групу у атрибуті "
- "вузла"
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Визначає, чи слід включати правила, що містять формальний вираз у атрибуті "
- "вузла"
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Клас об’єктів для правил sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
--msgstr ""
-+msgstr "Назва атрибута, який використано як клас об'єктів для правил sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Назва правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Атрибут команди правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Атрибут вузла правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Атрибут користувача правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Атрибут параметрів правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Атрибут runas правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- "Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Атрибут граничного часу початку дії правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Атрибут граничного часу завершення дії правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Атрибут порядку правила sudo"
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Клас об’єктів для карт автоматичного монтування"
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Атрибут назви карти автоматичного монтування"
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Клас об’єктів для записів карт автоматичного монтування"
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Атрибут ключа запису карти автоматичного монтування"
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Атрибут значення запису карти автоматичного монтування"
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування"
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Відокремлений комами список дозволених користувачів"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Відокремлений комами список заборонених користувачів"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Типова оболонка, /bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Базова адреса домашніх каталогів"
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Кількість попередньо відгалужених дочірніх проксі-записів."
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Назва бібліотеки NSS, яку слід використовувати"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це "
- "можливо"
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Стек PAM, який слід використовувати"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Шлях до початкового тексту файла passwd."
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Шлях до початкового тексту файла group."
-
-@@ -2579,14 +2591,14 @@ msgid "Search by group ID"
- msgstr "Шукати за ідентифікатором групи"
-
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Не вдалося обробити ім'я %s.\n"
-+msgstr "Не вдалося відкрити %s\n"
-
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "Сокета SSSD не існує."
-+msgstr "Файла %1$s не існує.\n"
-
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2598,24 +2610,23 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "Не вдалося завантажити налаштування з %s.\n"
-
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "Помилка під час спроби прочитати каталог налаштувань.\n"
-
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Файла %1$s не існує. SSSD використовуватиме типові налаштування для модуля "
--"надання даних щодо файлів.\n"
-+"Немає налаштувань. SSSD використає типові налаштування для засобу надання "
-+"файлів.\n"
-
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "Не вдалося запустити засоби перевірки"
-
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
-@@ -2628,9 +2639,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Повідомлення, створені під час об'єднування налаштувань: %zu\n"
-
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Використані файли фрагментів налаштувань: %u\n"
-+msgstr "Використаних файлів фрагментів налаштувань: %zu\n"
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2730,9 +2741,8 @@ msgid "Online status: %s\n"
- msgstr "Стан з'єднання: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Показати дані щодо активного сервера"
-+msgstr "У цьому домені немає активних серверів.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2744,7 +2754,7 @@ msgstr "не з’єднано"
-
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "Не виявлено жодного сервера.\n"
-
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index b040b4350..d936fdaa1 100644
---- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:50+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos 服务器地址"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "验证超时"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/po/zh_TW.po b/po/zh_TW.po
-index 12a6f8a97..f4e3ba1bc 100644
---- a/po/zh_TW.po
-+++ b/po/zh_TW.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:50+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/"
-@@ -694,7 +694,7 @@ msgid "Active Directory client hostname"
- msgstr ""
-
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
-
-@@ -765,737 +765,746 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos 伺服器位址"
-
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "認證逾時"
-
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "儲存憑證快取的目錄"
-
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "使用者憑證快取的位置"
-
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "驗證憑證用的金鑰表格位置"
-
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "啟用憑證驗證"
-
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "需要 TLS 憑證驗證"
-
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "指定要使用的 sasl 機制"
-
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "指定要使用的 sasl 認證 id"
-
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "指定要使用的 sasl 認證 id"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "搜尋請求的等候時間長度"
-
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "全名"
-
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "評估密碼過期時效的策略"
-
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "許可的使用者清單,請使用半形逗號作為分隔"
-
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
-
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "預設 shell,/bin/bash"
-
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "要使用的 NSS 函式庫名稱"
-
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "要使用的 PAM 堆疊"
-
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
-
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
-
-diff --git a/src/man/po/br.po b/src/man/po/br.po
-index e6f1d4dc7..414322a17 100644
---- a/src/man/po/br.po
-+++ b/src/man/po/br.po
-@@ -6,9 +6,9 @@
- # Fulup <fulup.jakez@gmail.com>, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-14 11:51+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
-@@ -300,9 +300,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Dre ziouer : true"
-@@ -322,16 +322,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -360,7 +360,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -658,8 +658,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -768,10 +768,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Dre zoiuer : 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1741,7 +1739,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Dre ziouer : 0"
-
-@@ -1805,7 +1803,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1870,8 +1868,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5040,34 +5038,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5075,14 +5092,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5090,17 +5107,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5110,12 +5127,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5123,17 +5140,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5141,7 +5171,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5152,7 +5182,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5161,7 +5191,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5169,26 +5199,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5196,7 +5226,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5204,7 +5234,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5212,41 +5242,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5255,32 +5285,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5288,24 +5318,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5313,17 +5343,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5334,24 +5364,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5362,12 +5392,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5380,7 +5410,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5392,17 +5422,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5410,49 +5440,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5460,28 +5490,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5493,7 +5523,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5501,7 +5531,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5509,39 +5539,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5551,7 +5581,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5559,26 +5589,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5586,7 +5616,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5594,31 +5624,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5627,56 +5657,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5692,12 +5722,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5706,14 +5736,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5722,24 +5752,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5747,19 +5777,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5768,7 +5798,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5776,7 +5806,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5785,7 +5815,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5793,22 +5823,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5818,14 +5848,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5838,12 +5868,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5853,7 +5883,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5863,63 +5893,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5928,74 +5958,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6006,7 +6036,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6014,24 +6044,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6048,12 +6078,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6061,36 +6091,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6098,14 +6128,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6115,101 +6145,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6218,59 +6248,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6279,22 +6309,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6303,14 +6333,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6318,7 +6348,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6331,27 +6361,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6367,13 +6397,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7903,7 +7933,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7918,7 +7948,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7933,12 +7963,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7959,12 +7989,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7988,17 +8018,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8006,7 +8036,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8033,7 +8063,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8046,12 +8076,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8070,60 +8100,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8237,26 +8267,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9696,9 +9726,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9708,19 +9754,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9730,12 +9776,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9743,7 +9789,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9758,7 +9804,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9767,7 +9813,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9775,7 +9821,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9785,7 +9831,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13904,10 +13950,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "Dre ziouer : 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13923,10 +13967,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "Dre ziouer : 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15429,10 +15471,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "RANNOÙ SERVIJOÙ"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-diff --git a/src/man/po/ca.po b/src/man/po/ca.po
-index adf6edf19..e2dfb3ef8 100644
---- a/src/man/po/ca.po
-+++ b/src/man/po/ca.po
-@@ -12,9 +12,9 @@
- # Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2015-10-18 04:13+0000\n"
- "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
- "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
-@@ -334,9 +334,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Per defecte: true"
-@@ -359,16 +359,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Per defecte: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -397,7 +397,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Per defecte: 10"
-
-@@ -592,10 +592,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (booleà)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -611,21 +609,11 @@ msgstr "try_inotify (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar "
--"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify "
--"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es "
--"pot utilitzar l'inotify."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -735,13 +723,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -752,15 +733,10 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris "
--"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom."
--"domini, per iniciar la sessió. En establir aquesta opció es canvia el "
--"predeterminat d'use_fully_qualified_names a True. No està permès l'ús "
--"d'aquesta opció juntament amb use_fully_qualified_names establert a False."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -869,10 +845,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Per defecte: 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1911,7 +1885,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Per defecte: 0"
-
-@@ -1975,7 +1949,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Per defecte: none"
-
-@@ -2040,8 +2014,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Per defecte: False"
-@@ -2363,10 +2337,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (cadena)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2387,10 +2359,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Per defecte: sense establir (no se substituiran els espais)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5378,34 +5348,55 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Per defecte: 900 (15 minuts)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (enter)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Per defecte: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5413,14 +5404,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5428,17 +5419,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5448,12 +5439,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5461,17 +5452,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (enter)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5479,7 +5485,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5490,7 +5496,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5499,7 +5505,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5507,12 +5513,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5522,7 +5528,7 @@ msgstr ""
- "valors següents:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5531,7 +5537,7 @@ msgstr ""
- "certificat del servidor."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5543,7 +5549,7 @@ msgstr ""
- "normalment."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5554,7 +5560,7 @@ msgstr ""
- "proporciona un certificat dolent, immediatament s'acaba la sessió."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5565,22 +5571,22 @@ msgstr ""
- "immediatament s'acaba la sessió."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Per defecte: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5589,7 +5595,7 @@ msgstr ""
- "Certificació que reconeixerà l'<command>sssd</command>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5598,12 +5604,12 @@ msgstr ""
- "<filename>/etc/openldap/ldap.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5617,32 +5623,32 @@ msgstr ""
- "correctes."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5650,12 +5656,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -5664,12 +5670,12 @@ msgstr ""
- "class=\"protocol\">tls</systemitem> per a protegir el canal."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5677,17 +5683,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5698,24 +5704,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5726,12 +5732,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5744,7 +5750,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5756,17 +5762,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5774,51 +5780,51 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Per defecte: el valor de krb5_realm."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Per defecte: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
- "keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5826,28 +5832,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Per defecte: 86400 (24 hores)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5859,7 +5865,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5870,7 +5876,7 @@ msgstr ""
- "retorna a _tcp si no se'n troba cap."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5882,41 +5888,41 @@ msgstr ""
- "<quote>krb5_server</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
- "krb5.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5926,7 +5932,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5934,12 +5940,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -5948,7 +5954,7 @@ msgstr ""
- "costat del client. S'admeten els valors següents:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -5957,7 +5963,7 @@ msgstr ""
- "opció no inhabilita les polítiques de contrasenya de servidor."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5965,7 +5971,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5977,25 +5983,25 @@ msgstr ""
- "contrasenya."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6004,7 +6010,7 @@ msgstr ""
- "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6013,29 +6019,29 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Especifica el nom de servei per utilitzar quan està habilitada la detecció "
- "de serveis."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Per defecte: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6045,30 +6051,30 @@ msgstr ""
- "dels serveis."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6084,12 +6090,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Exemple:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6098,14 +6104,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6114,17 +6120,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Per defecte: Buit"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6133,7 +6139,7 @@ msgstr ""
- "d'atributs de control d'accés."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6145,12 +6151,12 @@ msgstr ""
- "contrasenya és correcta."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "S'admeten els valors següents:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6159,7 +6165,7 @@ msgstr ""
- "determinar si el compte ha caducat."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6168,7 +6174,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6176,7 +6182,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6185,7 +6191,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6193,24 +6199,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "Llista separada per comes d'opcions de control d'accés. Els valors permesos "
- "són:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6220,14 +6226,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6240,12 +6246,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6255,7 +6261,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6265,20 +6271,20 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6287,31 +6293,31 @@ msgstr ""
- "authorizedService per determinar l'accés"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Per defecte: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -6320,12 +6326,12 @@ msgstr ""
- "s'utilitza més d'una vegada."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6334,22 +6340,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6358,13 +6364,13 @@ msgstr ""
- "es fa una cerca. S'admeten les opcions següents:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6374,7 +6380,7 @@ msgstr ""
- "de la cerca."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6383,7 +6389,7 @@ msgstr ""
- "només en localitzar l'objecte base de la cerca."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6392,7 +6398,7 @@ msgstr ""
- "en la recerca i en la localització de l'objecte base de la cerca."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6401,19 +6407,19 @@ msgstr ""
- "biblioteques de client LDAP)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6424,7 +6430,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6432,36 +6438,29 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6471,20 +6470,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Totes les opcions comunes de configuració que s'apliquen als dominis SSD "
--"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS "
--"DE DOMINI</quote> de la pàgina de manual de <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry> per a tots els detalls. <placeholder type=\"variablelist\" id="
--"\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "OPCIONS DE SUDO"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6492,36 +6485,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Per defecte: 21600 (6 hores)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6529,14 +6522,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6546,101 +6539,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6649,59 +6642,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "OPCIONS D'AUTOFS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Per defecte: auto.master"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPCIONS AVANÇADES"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6710,22 +6703,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6734,14 +6727,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPLE"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6752,7 +6745,7 @@ msgstr ""
- "replaceable>."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6765,27 +6758,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6801,13 +6794,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTES"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8451,7 +8444,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (booleà)"
-
-@@ -8466,7 +8459,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8481,12 +8474,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (enter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8507,12 +8500,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8536,17 +8529,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8554,7 +8547,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8581,7 +8574,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (enter)"
-
-@@ -8594,12 +8587,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8618,60 +8611,60 @@ msgid "Default: False (disabled)"
- msgstr "Per defecte: False (inhabilitat)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (booleà)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8785,26 +8778,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10268,9 +10261,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (booleà)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10280,19 +10291,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Per defecte: 3600 (segons)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -10302,12 +10313,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Per defecte: True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10315,7 +10326,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10339,7 +10350,7 @@ msgstr ""
- "ad_domain = exemple.com\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10351,7 +10362,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10359,7 +10370,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10369,7 +10380,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -10897,16 +10908,10 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
--"aplicacions clients no utilitzaran el fast en la memòria cau."
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -11998,20 +12003,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
--#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> for more information on configuring Kerberos."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu "
--"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
--"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -14753,26 +14750,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the IPA provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
--"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la "
--"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
--"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum></citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -14801,10 +14784,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (enter)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -14818,10 +14799,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id, max_id (enter)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -14832,17 +14811,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Per defecte: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (enter)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -14853,10 +14828,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Per defecte: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15057,17 +15030,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "user_attributes = +telephoneNumber, -loginShell\n"
--#| " "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- " "
- msgstr ""
--"user_attributes = +telephoneNumber, -loginShell\n"
--" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -15336,10 +15304,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (cadena)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -15358,28 +15324,16 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Proveïdor de LDAP de l'SSSD"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -15387,12 +15341,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
--"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
--"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
--"informació detallada de la sintaxi."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -16210,10 +16158,8 @@ msgstr "ldap_group_modify_timestamp (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (cadena)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -16428,10 +16374,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SECCIONS DELS SERVEIS"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -16665,10 +16609,8 @@ msgstr "Per defecte: sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "OPCIONS D'AUTOFS"
-+msgstr ""
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -16917,10 +16859,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (enter)"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -18005,9 +17945,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Per defecte: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (enter)"
-diff --git a/src/man/po/cs.po b/src/man/po/cs.po
-index 4642fe99e..086df21c0 100644
---- a/src/man/po/cs.po
-+++ b/src/man/po/cs.po
-@@ -8,9 +8,9 @@
- # Pavel Borecki <pavel.borecki@gmail.com>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2019-06-21 02:15+0000\n"
- "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n"
- "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
-@@ -298,9 +298,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -320,16 +320,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -358,7 +358,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -656,8 +656,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -766,10 +766,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 200000"
- msgid "Default: sha256"
--msgstr "Výchozí: 200000"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1739,7 +1737,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1803,7 +1801,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1868,8 +1866,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5040,34 +5038,55 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_idmap_range_size (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_idmap_range_size (celé číslo)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5075,14 +5094,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5090,17 +5109,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5110,12 +5129,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5123,17 +5142,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_idmap_range_max (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_idmap_range_max (celé číslo)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5141,7 +5175,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5152,7 +5186,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5161,7 +5195,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5169,26 +5203,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5196,7 +5230,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5204,7 +5238,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5212,41 +5246,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5255,32 +5289,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5288,24 +5322,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5313,17 +5347,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5334,24 +5368,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5362,12 +5396,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5380,7 +5414,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5392,17 +5426,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5410,49 +5444,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5460,28 +5494,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5493,7 +5527,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5501,7 +5535,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5509,39 +5543,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5551,7 +5585,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5559,26 +5593,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5586,7 +5620,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5594,31 +5628,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5627,56 +5661,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5692,12 +5726,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5706,14 +5740,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5722,24 +5756,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5747,19 +5781,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5768,7 +5802,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5776,7 +5810,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5785,7 +5819,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5793,22 +5827,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5818,14 +5852,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5838,12 +5872,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5853,7 +5887,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5863,63 +5897,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5928,74 +5962,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6006,7 +6040,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6014,24 +6048,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6048,12 +6082,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6061,36 +6095,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6098,14 +6132,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6115,101 +6149,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6218,59 +6252,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6279,22 +6313,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6303,14 +6337,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6318,7 +6352,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6331,27 +6365,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6367,13 +6401,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7908,7 +7942,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7923,7 +7957,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7938,12 +7972,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7964,12 +7998,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7993,17 +8027,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8011,7 +8045,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8038,7 +8072,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8051,12 +8085,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8075,60 +8109,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8242,26 +8276,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9701,9 +9735,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9713,19 +9763,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9735,12 +9785,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9748,7 +9798,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9763,7 +9813,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9772,7 +9822,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9780,7 +9830,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9790,7 +9840,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13887,10 +13937,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "ldap_idmap_range_size (integer)"
- msgid "max_ccaches (integer)"
--msgstr "ldap_idmap_range_size (celé číslo)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13904,10 +13952,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "ldap_idmap_range_size (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "ldap_idmap_range_size (celé číslo)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13918,17 +13964,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 200000"
- msgid "Default: 64"
--msgstr "Výchozí: 200000"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_idmap_range_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_idmap_range_size (celé číslo)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -13939,10 +13981,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 200000"
- msgid "Default: 65536"
--msgstr "Výchozí: 200000"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -14131,10 +14171,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:176
--#, fuzzy
--#| msgid "probe sdap_search_send"
- msgid "probe sdap_parse_entry"
--msgstr "vyzkouší sdap_search_send"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:179
-@@ -14154,10 +14192,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
--#, fuzzy
--#| msgid "probe dp_req_done"
- msgid "probe sdap_parse_entry_done"
--msgstr "probe dp_req_done"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:193
-@@ -15236,10 +15272,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "simple_deny_groups (string)"
- msgid "ldap_group_type (string)"
--msgstr "simple_deny_groups (řetězec)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -15938,10 +15972,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-diff --git a/src/man/po/de.po b/src/man/po/de.po
-index cb8d12f78..6e65e6abc 100644
---- a/src/man/po/de.po
-+++ b/src/man/po/de.po
-@@ -8,9 +8,9 @@
- # Mario Blättermann <mario.blaettermann@gmail.com>, 2014
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-14 11:53+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
-@@ -324,9 +324,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Voreinstellung: »true«"
-@@ -346,16 +346,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Voreinstellung: »false«"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -384,7 +384,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Voreinstellung: 10"
-
-@@ -582,10 +582,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (Boolesch)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -601,22 +599,11 @@ msgstr "try_inotify (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es "
--"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir "
--"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden "
--"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« "
--"abzufragen."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -738,8 +725,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -848,10 +835,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Voreinstellung: 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1929,7 +1914,7 @@ msgstr ""
- "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Voreinstellung: 0"
-
-@@ -1993,7 +1978,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Voreinstellung: none"
-
-@@ -2058,8 +2043,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Voreinstellung: False"
-@@ -2392,10 +2377,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_extra_attrs (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_extra_attrs (Zeichenkette)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2416,10 +2399,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set, i.e. FAST is not used."
- msgid "Default: not set, all found rules are used"
--msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5638,17 +5619,38 @@ msgstr ""
- "Lebensdauer) verwendet."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Voreinstellung: 900 (15 Minuten)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (Ganzzahl)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -5658,17 +5660,17 @@ msgstr ""
- "pro Anfrage."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Voreinstellung: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5680,7 +5682,7 @@ msgstr ""
- "deaktiviert ist oder sich nicht ordnungsgemäß verhält."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -5690,7 +5692,7 @@ msgstr ""
- "aber nicht in der Lage, es zu benutzen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5702,17 +5704,17 @@ msgstr ""
- "abgelehnt werden."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "deaktiviert die Bereichsabfrage von Active Directory"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5728,12 +5730,12 @@ msgstr ""
- "es so aussehen, als ob große Gruppen keine Mitglieder hätten."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5744,19 +5746,42 @@ msgstr ""
- "Werte dieser Option werden durch OpenLDAP definiert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
- "»ldap.conf« angegeben)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (Ganzzahl)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die "
-+"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die "
-+"Werte dieser Option werden durch OpenLDAP definiert."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5768,7 +5793,7 @@ msgstr ""
- "nachgeschlagen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5779,7 +5804,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5792,7 +5817,7 @@ msgstr ""
- "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5803,12 +5828,12 @@ msgstr ""
- "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5818,7 +5843,7 @@ msgstr ""
- "Werte angegeben werden:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5827,7 +5852,7 @@ msgstr ""
- "oder anfordern."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5839,7 +5864,7 @@ msgstr ""
- "Sitzung fährt normal fort."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5850,7 +5875,7 @@ msgstr ""
- "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5861,22 +5886,22 @@ msgstr ""
- "sofort beendet."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Voreinstellung: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5885,7 +5910,7 @@ msgstr ""
- "die <command>sssd</command> erkennen wird."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5894,12 +5919,12 @@ msgstr ""
- "<filename>/etc/openldap/ldap.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5913,33 +5938,33 @@ msgstr ""
- "Erstellen der korrekten Namen verwendet werden."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5947,12 +5972,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -5961,12 +5986,12 @@ msgstr ""
- "\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5978,19 +6003,19 @@ msgstr ""
- "verlassen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
- "Directory-ObjectSIDs."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6009,24 +6034,24 @@ msgstr ""
- "Abbildung von IDs wählen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6037,12 +6062,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6055,7 +6080,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6067,17 +6092,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -6088,17 +6113,17 @@ msgstr ""
- "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Voreinstellung: der Wert von »krb5_realm«"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6108,34 +6133,34 @@ msgstr ""
- "Bind in eine kanonische Form zu bringen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Voreinstellung: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
- "keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6143,28 +6168,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Voreinstellung: 86400 (24 Stunden)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6183,7 +6208,7 @@ msgstr ""
- "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6194,7 +6219,7 @@ msgstr ""
- "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6206,29 +6231,29 @@ msgstr ""
- "migrieren."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
- "filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6238,12 +6263,12 @@ msgstr ""
- "Kerberos >= 1.7 verfügbar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6259,7 +6284,7 @@ msgstr ""
- "manvolnum> </citerefentry> einrichten."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6270,12 +6295,12 @@ msgstr ""
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6284,7 +6309,7 @@ msgstr ""
- "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6293,7 +6318,7 @@ msgstr ""
- "kann keine Server-seitigen Passwortregelwerke deaktivieren."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6304,7 +6329,7 @@ msgstr ""
- "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -6316,7 +6341,7 @@ msgstr ""
- "Passwort geändert wurde."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -6326,17 +6351,17 @@ msgstr ""
- "festgelegten Regel."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6345,7 +6370,7 @@ msgstr ""
- "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6359,28 +6384,28 @@ msgstr ""
- "merkliche Leistungsverbesserung bringen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Voreinstellung: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6389,17 +6414,17 @@ msgstr ""
- "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -6408,12 +6433,12 @@ msgstr ""
- "Passwortänderung mit Unix-Zeit geändert wird."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6443,12 +6468,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Beispiel:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6460,7 +6485,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -6469,7 +6494,7 @@ msgstr ""
- "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6478,17 +6503,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Voreinstellung: leer"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6497,7 +6522,7 @@ msgstr ""
- "Zugriffssteuerungsattribute aktiviert werden."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6508,12 +6533,12 @@ msgstr ""
- "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Die folgenden Werte sind erlaubt:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6522,7 +6547,7 @@ msgstr ""
- "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6535,7 +6560,7 @@ msgstr ""
- "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6546,7 +6571,7 @@ msgstr ""
- "Zugriff erlaubt wird oder nicht."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6559,7 +6584,7 @@ msgstr ""
- "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6570,24 +6595,24 @@ msgstr ""
- "»ldap_account_expire_policy« funktioniert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
- "sind erlaubt:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6597,14 +6622,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6617,12 +6642,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6632,7 +6657,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6642,20 +6667,20 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6664,33 +6689,33 @@ msgstr ""
- "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
- "ob Zugriff gewährt wird."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Voreinstellung: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -6699,12 +6724,12 @@ msgstr ""
- "mehr als einmal benutzt wird."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6713,22 +6738,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6737,12 +6762,12 @@ msgstr ""
- "folgenden Optionen sind erlaubt:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6752,7 +6777,7 @@ msgstr ""
- "Suche."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6761,7 +6786,7 @@ msgstr ""
- "der Suche dereferenziert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6770,7 +6795,7 @@ msgstr ""
- "Orten des Basisobjekts der Suche dereferenziert."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6779,12 +6804,12 @@ msgstr ""
- "<emphasis>never</emphasis> gehandhabt.)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -6793,7 +6818,7 @@ msgstr ""
- "beizubehalten, die das Schema RFC2307 benutzen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6811,7 +6836,7 @@ msgstr ""
- "getpw*() oder initgroups() abzurufen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6822,36 +6847,29 @@ msgstr ""
- "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6861,19 +6879,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
--"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
--"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
--"type=\"variablelist\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "SUDO-OPTIONEN"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6884,12 +6897,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -6899,7 +6912,7 @@ msgstr ""
- "heruntergeladen werden)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -6908,17 +6921,17 @@ msgstr ""
- "emphasis> sein."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Voreinstellung: 21600 (6 Stunden)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6926,7 +6939,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -6935,7 +6948,7 @@ msgstr ""
- "das Attribut »modifyTimestamp« benutzt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6945,12 +6958,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -6960,12 +6973,12 @@ msgstr ""
- "Netzwerkadressen und Rechnernamen)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -6974,7 +6987,7 @@ msgstr ""
- "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -6983,8 +6996,8 @@ msgstr ""
- "voll qualifizierten Domain-Namen automatisch herauszufinden."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -6993,17 +7006,17 @@ msgstr ""
- "emphasis> ist, hat diese Option keine Auswirkungen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Voreinstellung: nicht angegeben"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7012,7 +7025,7 @@ msgstr ""
- "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7021,12 +7034,12 @@ msgstr ""
- "herauszufinden."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7035,12 +7048,12 @@ msgstr ""
- "eine Netzgruppe im Attribut »sudoHost« enthält."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7049,14 +7062,14 @@ msgstr ""
- "einen Platzhalter im Attribut »sudoHost« enthält."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7069,59 +7082,59 @@ msgstr ""
- "manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "AUTOFS-OPTIONEN"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Der Name der Automount-Master-Abbildung in LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Voreinstellung: auto.master"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "ERWEITERTE OPTIONEN"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7130,22 +7143,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7154,14 +7167,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "BEISPIEL"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7172,7 +7185,7 @@ msgstr ""
- "gesetzt ist."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7185,27 +7198,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7221,13 +7234,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "ANMERKUNGEN"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8879,7 +8892,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (Boolesch)"
-
-@@ -8894,7 +8907,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8916,12 +8929,12 @@ msgstr ""
- "Konfigurationsdatei migrieren."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (Ganzzahl)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8950,12 +8963,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Voreinstellung: 1200 (Sekunden)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8983,17 +8996,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -9001,7 +9014,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -9036,7 +9049,7 @@ msgstr ""
- "gefundenen als Sicherungsserver."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (Ganzzahl)"
-
-@@ -9052,12 +9065,12 @@ msgstr ""
- "Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -9082,12 +9095,12 @@ msgid "Default: False (disabled)"
- msgstr "Voreinstellung: False (deaktiviert)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (Boolesch)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -9096,48 +9109,48 @@ msgstr ""
- "DNS-Server verwenden soll"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -9264,26 +9277,26 @@ msgstr ""
- "zu verwenden."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10198,20 +10211,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:359
--#, fuzzy
--#| msgid ""
--#| "GPO-based access control functionality uses GPO policy settings to "
--#| "determine whether or not a particular user is allowed to logon to a "
--#| "particular host."
- msgid ""
- "GPO-based access control functionality uses GPO policy settings to determine "
- "whether or not a particular user is allowed to logon to the host. For more "
- "information on the supported policy settings please refer to the "
- "<quote>ad_gpo_map</quote> options."
- msgstr ""
--"Die GPO-basierte Zugriffskontrolle verwendet gesetzte GPO-Regeln, um zu "
--"ermitteln, ob sich ein bestimmter Benutzer an einem bestimmten Rechner "
--"anmelden darf."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:367
-@@ -10266,16 +10271,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:417
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the operation mode is set to enforcing, it is possible that "
--#| "users that were previously allowed logon access will now be denied logon "
--#| "access (as dictated by the GPO policy settings). In order to facilitate a "
--#| "smooth transition for administrators, a permissive mode is available that "
--#| "will not enforce the access control rules, but will evaluate them and "
--#| "will output a syslog message if access would have been denied. By "
--#| "examining the logs, administrators can then make the necessary changes "
--#| "before setting the mode to enforcing."
- msgid ""
- "NOTE: If the operation mode is set to enforcing, it is possible that users "
- "that were previously allowed logon access will now be denied logon access "
-@@ -10288,16 +10283,6 @@ msgid ""
- "functions' is required (see <citerefentry> <refentrytitle>sssctl</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)."
- msgstr ""
--"ACHTUNG: Wird der Operationsmodus auf »enforcing« gesetzt, dann ist es "
--"möglich, dass Benutzern, denen früher bereits einmal Zugriff gewährt wurde, "
--"ihnen dieser nun verweigert wird (sofern dies von den GPO-Regeln "
--"vorgeschrieben wird). Um Administratoren einen weichen Übergang zu "
--"ermöglichen, ist der Modus »permissive« verfügbar, der die Umsetzung der "
--"Zugriffskontrollregeln nicht erzwingt. Diese werden lediglich ausgewertet "
--"und eine Meldung geht an das Systemprotokoll, falls tatsächlich der Zugriff "
--"verweigert werden würde. Nach dem Untersuchen der Protokolle können "
--"Administratoren nun die nötigen Änderungen vornehmen, bevor der Modus auf "
--"»enforcing« gesetzt wird."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:436
-@@ -10849,9 +10834,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (Boolesch)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10868,19 +10871,19 @@ msgstr ""
- "»dyndns_iface« angegeben wurde."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Voreinstellung: 3600 (Sekunden)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -10890,12 +10893,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Voreinstellung: True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10907,7 +10910,7 @@ msgstr ""
- "Optionen von AD."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10931,7 +10934,7 @@ msgstr ""
- "ad_domain = example.com\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10943,7 +10946,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10954,7 +10957,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10964,7 +10967,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -11553,17 +11556,10 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, "
--"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher "
--"nicht."
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -12779,20 +12775,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Weitere Informationen über die Locator-Erweiterung finden Sie auf der "
--"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -15539,25 +15527,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the AD provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
--"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -15586,10 +15561,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (Ganzzahl)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -15603,10 +15576,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (Ganzzahl)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -15617,17 +15588,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Voreinstellung: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (Ganzzahl)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -15638,10 +15605,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Voreinstellung: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15842,17 +15807,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "user_attributes = +telephoneNumber, -loginShell\n"
--#| " "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- " "
- msgstr ""
--"user_attributes = +telephoneNumber, -loginShell\n"
--" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -16121,10 +16081,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (Zeichenkette)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -16143,28 +16101,16 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "SSSD LDAP-Anbieter"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -16172,11 +16118,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt "
--"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -17043,10 +16984,8 @@ msgstr "ldap_group_modify_timestamp (Zeichenkette)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (Zeichenkette)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -17271,10 +17210,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "DIENSTABSCHNITTE"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -17522,10 +17459,8 @@ msgstr "Voreinstellung: sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "AUTOFS-OPTIONEN"
-+msgstr ""
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -17825,10 +17760,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (Ganzzahl)"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -19037,20 +18970,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Voreinstellung: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (Ganzzahl)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
-diff --git a/src/man/po/es.po b/src/man/po/es.po
-index f32f5fbae..3f20f2a0d 100644
---- a/src/man/po/es.po
-+++ b/src/man/po/es.po
-@@ -13,12 +13,13 @@
- # Daniel Cabrera <logan@fedoraproject.org>, 2011
- # Emilio Herrera <ehespinosa57@gmail.com>, 2018. #zanata
- # Emilio Herrera <ehespinosa57@gmail.com>, 2019. #zanata
-+# Emilio Herrera <ehespinosa57@gmail.com>, 2020. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
--"PO-Revision-Date: 2019-11-16 03:52+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
-+"PO-Revision-Date: 2020-01-30 03:01+0000\n"
- "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
- "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
- "es/)\n"
-@@ -364,9 +365,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Predeterminado: true"
-@@ -389,16 +390,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Predeterminado: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -430,7 +431,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Predeterminado: 10"
-
-@@ -643,10 +644,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (booleano)"
-+msgstr "monitor_resolv_conf (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -654,6 +653,8 @@ msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
- msgstr ""
-+"Controla si SSSD monitorizaría el estado de resolv.conf para identificar "
-+"cuando necesita actualizar su interfaz de resolución DNS interno."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:335
-@@ -662,21 +663,14 @@ msgstr "try_inotify (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD monitorea el estado de resolv.conf para saber cuando es necesario "
--"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para "
--"ello la herramienta inotify, quien consultará a resolv.conf cada cinco "
--"segundos en caso que inotify no pueda ser utilizado."
-+"Por defecto, SSSD intentará usar inotify para monitorizar cambios en los "
-+"ficheros de configuración y volverá a sondear cada cinco segundos si inotify "
-+"no puede ser usado."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -796,13 +790,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -813,15 +800,19 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Por favor advierta que si se ajusta esta opción todos los usuarios del "
--"domino primario tiene que usar su nombre totalmente cualificado, e.g. "
--"user@domain.name, para acceder. Fijando esta opción cambia el predeterminado "
--"de use_fully_qualified_names a True. No está permitido usar esta opción unto "
--"con use_fully_qualified_names fijado a False."
-+"Por favor advierta que si esta opción está establecida todos los usuarios "
-+"del dominio primario tienen que usar su nombre totalmente cualificado, e.g. "
-+"user@domain.name, para acceder. El establecimiento de esta opción cambia el "
-+"comportamiento predeterminado de use_fully_qualified_names a True. No está "
-+"permitido el uso de esta opción junto con use_fully_qualified_names "
-+"establecido a False. Una excepción de esta regla son los dominios con "
-+"<quote>id_provider=files</quote> que siempre intentan igualar el "
-+"comportamiento de nss_files y por lo tanto su salida es no cualificada aún "
-+"cuando se use la opción default_domain_suffix."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -892,15 +883,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:483
--#, fuzzy
--#| msgid "no_ocsp"
- msgid "soft_ocsp"
--msgstr "no_ocsp"
-+msgstr "soft_ocsp"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:485 sssd.conf.5.xml:585
- msgid "(NSS Version) This option is ignored."
--msgstr ""
-+msgstr "(Versión NSS) Esta opción es ignorada."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:488
-@@ -910,11 +899,15 @@ msgid ""
- "authentication when the system is offline and the OCSP responder cannot be "
- "reached."
- msgstr ""
-+"(Versión OpenSSL) S no se puede establecer una conexión con un contestador "
-+"OCSP la comprobación OCSP es saltada. Esta opción debería ser usada para "
-+"permitir la autenticación cuando el sistema no está en línea y el "
-+"contestador OCSP no puede ser alcanzado."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:498
- msgid "ocsp_dgst"
--msgstr ""
-+msgstr "ocsp_dgst"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:500
-@@ -922,39 +915,41 @@ msgid ""
- "Digest (hash) function used to create the certificate ID for the OCSP "
- "request. Allowed values are:"
- msgstr ""
-+"Función resumen (picadillo) usada para crear la ID del certificado para la "
-+"petición OCSP. Los valores permitidos son:"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:504
- msgid "sha1"
--msgstr ""
-+msgstr "sha1"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:505
- msgid "sha256"
--msgstr ""
-+msgstr "sha256"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:506
- msgid "sha384"
--msgstr ""
-+msgstr "sha384"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:507
- msgid "sha512"
--msgstr ""
-+msgstr "sha512"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Predeterminado: 5"
-+msgstr "Predeterminado: sha256"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
- msgid ""
- "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally."
- msgstr ""
-+"(Versión NSS) Esta opción es ignorada, porque NSS usa sha1 "
-+"incondicionalmente."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:518
-@@ -1060,7 +1055,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:583
- msgid "soft_crl"
--msgstr ""
-+msgstr "soft_crl"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:588
-@@ -1070,6 +1065,10 @@ msgid ""
- "allow authentication when the system is offline and the CRL cannot be "
- "renewed."
- msgstr ""
-+"(Versión OpenSSL) Si una Lista de Revocación de Certificado (CRL) expira "
-+"ignora las comprobaciones CRL para los certificados relacionados. Esta "
-+"opción debería ser usada para permitir la autenticación cuando el sistema "
-+"está fuera de linea y la CRL no puede ser renovada."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:468
-@@ -2137,7 +2136,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Predeterminado: 0"
-
-@@ -2215,7 +2214,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Predeterminado: none"
-
-@@ -2294,8 +2293,8 @@ msgstr ""
- "de autenticación esta opción está deshabilitada por defecto."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Por defecto: False"
-@@ -2674,10 +2673,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (cadena)"
-+msgstr "ssh_use_certificate_matching_rules (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2688,6 +2685,11 @@ msgid ""
- "comma separated list of mapping and matching rule names. All other rules "
- "will be ignored."
- msgstr ""
-+"Por defecto el contestador ssh usará todos los certificados disponibles que "
-+"coincidan con las reglas para filtrar los certificados de modo que las "
-+"claves ssh solo se derivarán a los que coincidan. Con esta opción las reglas "
-+"usadas pueden ser restringidas con una lista separada por comas de nombres "
-+"de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1763
-@@ -2695,13 +2697,13 @@ msgid ""
- "If a non-existing rule name is given all rules will be ignored and all "
- "available certificates will be used to derive ssh keys."
- msgstr ""
-+"Si se da un nombre de regla que no existe todas las reglas serán ignoradas y "
-+"los certificados disponibles serán usados para derivar claves ssh."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Por defecto: no ajustado (los espacios no serán reemplazados)"
-+msgstr "Predetermindo: no establecido, son usadas todas las reglas encontradas"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -3367,11 +3369,16 @@ msgid ""
- "user, typically ran at login) operation in the past, both the user entry "
- "and the group membership are updated."
- msgstr ""
-+"El refresco en segundo plano procesará usuarios, grupos y netgroups en el "
-+"cache. Para usuarios que han llevado a cabo el anteriormente initgroups "
-+"(obtener la membresía de grupo para el usuario, normalmente ejecutando "
-+"login), tanto la entrada usuario y la membresia de grupo son actualizados."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2263
- msgid "This option is automatically inherited for all trusted domains."
- msgstr ""
-+"Esta opción se hereda automáticamente para todos los dominios de confianza."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2267
-@@ -4613,13 +4620,6 @@ msgstr "hybrid"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3205
--#, fuzzy
--#| msgid ""
--#| "A primary group is autogenerated for user entries whose UID and GID "
--#| "numbers have the same value and at the same time the GID number does not "
--#| "correspond to a real group object in LDAP If the values are the same, but "
--#| "the primary GID in the user entry is also used by a group object, the "
--#| "primary GID of the user resolves to that group object."
- msgid ""
- "A primary group is autogenerated for user entries whose UID and GID numbers "
- "have the same value and at the same time the GID number does not correspond "
-@@ -4627,11 +4627,11 @@ msgid ""
- "GID in the user entry is also used by a group object, the primary GID of the "
- "user resolves to that group object."
- msgstr ""
--"Un grupo primario se autogenera para las entradas de usuario cuyos números "
--"UID y GID tienen los mismos valores y al mismo tiempo el número GID no "
--"coresponde a un objeto grupo real en LDAP si los valores son los mismos, "
--"pero el GID primario en la entrada de usuario se usa también por un objeto "
--"grupo, el GID primario del usaurio resuelve a este objeto grupo."
-+"Se autogenera un grupo primario para las entradas de usuario cuyos números "
-+"UID y GID tienen el mismo valor y al mismo tiempo el número GID no "
-+"corresponde un objeto grupo real en LDAP. Si los valores son los mismos "
-+"pero el GID primario en la entrada de usuario es también usado por un objeto "
-+"grupo, el GID primario del usuario se resuelve al de ese objeto grupo."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3218
-@@ -5377,22 +5377,16 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3693
--#, fuzzy
--#| msgid ""
--#| "With the growing number of authentication methods and the possibility "
--#| "that there are multiple ones for a single user the heuristic used by "
--#| "pam_sss to select the prompting might not be suitable for all use cases. "
--#| "To following options should provide a better flexibility here."
- msgid ""
- "With the growing number of authentication methods and the possibility that "
- "there are multiple ones for a single user the heuristic used by pam_sss to "
- "select the prompting might not be suitable for all use cases. The following "
- "options should provide a better flexibility here."
- msgstr ""
--"Con el creciente número de métodos de autenticación kyh la posibilidad de "
--"que haya múltiples para un solo usuario la heurística usada por pam_sss "
--"podría no ser adecuada para todos los casos de uso. Las siguientes opciones "
--"suministrarían una mejor flexibilidad aquí."
-+"Con el creciente número de métodos de autenticación y la la posibilidad de "
-+"que haya múltiples para un único usuario la heurística usada por pam_sss "
-+"para seleccionar la solicitud podría no ser adecuada para todos los casos. "
-+"Las siguientes opciones deberían suministrar una mejor flexibilidad aquí."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:3705
-@@ -5450,19 +5444,14 @@ msgstr "single_prompt"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3730
--#, fuzzy
--#| msgid ""
--#| "boolean value, if True there will be only a single prompt using the value "
--#| "of first_prompt where it is expected that both factor are entered as a "
--#| "single string"
- msgid ""
- "boolean value, if True there will be only a single prompt using the value of "
- "first_prompt where it is expected that both factors are entered as a single "
- "string"
- msgstr ""
--"valor booleano, si True habrá solo una única consulta usando el valor de "
--"first_prompt donde se espera que el factor sea introducido como una única "
--"cadena"
-+"valor booleano, si True habrá una única pregunta usando el valor de "
-+"first_prompt donde se espera que ambos factores se introduzcan como una "
-+"única cadena"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3719
-@@ -5475,12 +5464,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3700
--#, fuzzy
--#| msgid ""
--#| "Each supported authentication method has it's own configuration sub-"
--#| "section under <quote>[prompting/...]</quote>. Currently there are: "
--#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#| "\"variablelist\" id=\"1\"/>"
- msgid ""
- "Each supported authentication method has its own configuration subsection "
- "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
-@@ -5493,19 +5476,14 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3742
--#, fuzzy
--#| msgid ""
--#| "It is possible to add a sub-section for specific PAM services like e.g. "
--#| "<quote>[prompting/password/sshd]</quote> to individual change the "
--#| "prompting for this service."
- msgid ""
- "It is possible to add a subsection for specific PAM services, e.g. "
- "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
- "for this service."
- msgstr ""
--"Es posible añadir una subsección para srvicios PAM especificos como e.g. "
--"<quote>[prompting/password/sshd]</quote> para cambio individual de la "
--"consulta para este servicio."
-+"Es posible añadir una subsección para servicios PAM específicos, e.g. "
-+"<quote>[prompting/password/sshd]</quote> para el cambio individual de la "
-+"pregunta para este servicio."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43
-@@ -6301,17 +6279,38 @@ msgstr ""
- "temprano (este valor contra el tiempo de vida TGT)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Predeterminado: 900 (15 minutos)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (entero)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -6320,17 +6319,17 @@ msgstr ""
- "Algunos servidores LDAP hacen cumplir un límite máximo por petición."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Predeterminado: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -6341,7 +6340,7 @@ msgstr ""
- "RootDSE pero no está habilitado o no se comporta apropiadamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -6351,7 +6350,7 @@ msgstr ""
- "pero es incapaz de usarlo."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -6362,17 +6361,17 @@ msgstr ""
- "puede ocasionar que algunas peticiones sean denegadas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Deshabilitar la recuperación del rango de Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -6388,12 +6387,12 @@ msgstr ""
- "miembros."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -6404,19 +6403,42 @@ msgstr ""
- "de esta opción son definidos por OpenLDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
- "conf)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (entero)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el "
-+"nivel de seguridad mínimo necesario para establecer la conexión. Los valores "
-+"de esta opción son definidos por OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -6427,7 +6449,7 @@ msgstr ""
- "deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -6444,7 +6466,7 @@ msgstr ""
- "lo soporta y auncia el control de la desreferencia en el objeto rootDSE."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -6457,7 +6479,7 @@ msgstr ""
- "soportados son 389/RHDS, OpenLDAP y Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -6468,12 +6490,12 @@ msgstr ""
- "será deshabilitado sin tener en cuenta este ajuste."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -6483,7 +6505,7 @@ msgstr ""
- "los siguientes valores:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -6492,7 +6514,7 @@ msgstr ""
- "certificado de servidor."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6503,7 +6525,7 @@ msgstr ""
- "certificado malo, será ignorado y la sesión continua normalmente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6514,7 +6536,7 @@ msgstr ""
- "certificado malo, la sesión se termina inmediatamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -6525,22 +6547,22 @@ msgstr ""
- "termina inmediatamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Predeterminado: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -6549,7 +6571,7 @@ msgstr ""
- "de Certificación que <command>sssd</command> reconocerá."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -6558,12 +6580,12 @@ msgstr ""
- "etc/openldap/ldap.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -6577,33 +6599,33 @@ msgstr ""
- "para crear los nombres correctos."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- "Especifica el fichero que contiene el certificado para la clave del cliente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Especifica el archivo que contiene la clave del cliente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -6614,12 +6636,12 @@ msgstr ""
- "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6628,12 +6650,12 @@ msgstr ""
- "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6644,18 +6666,18 @@ msgstr ""
- "ldap_user_uid_number y ldap_group_gid_number."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr "ldap_min_id, ldap_max_id (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6673,17 +6695,17 @@ msgstr ""
- "el servidor. Los subdominios pueden elegir otros rangos para asignar IDs."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
-@@ -6692,7 +6714,7 @@ msgstr ""
- "soportados GSSAPI y GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6709,12 +6731,12 @@ msgstr ""
- "manvolnum></citerefentry> para más detalles."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6734,7 +6756,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6754,17 +6776,17 @@ msgstr ""
- "en la pestaña."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Por defecto: host/nombre_de_host@REALM"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -6775,17 +6797,17 @@ msgstr ""
- "reino también, esta opción se ignora."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Por defecto: el valor de krb5_realm."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6794,34 +6816,34 @@ msgstr ""
- "para para canocalizar el nombre de host durante una unión SASL."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Predeterminado: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
- "filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6832,12 +6854,12 @@ msgstr ""
- "es GSSAPI o GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-@@ -6845,17 +6867,17 @@ msgstr ""
- "SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Predeterminado: 86400 (24 horas)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6874,7 +6896,7 @@ msgstr ""
- "información, vea la sección <quote>SERVICE DISCOVERY</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6885,7 +6907,7 @@ msgstr ""
- "regresa a _tcp si no se encuentra nada."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6897,30 +6919,30 @@ msgstr ""
- "configuración para usar <quote>krb5_server</quote> en su lugar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
- "filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6929,12 +6951,12 @@ msgstr ""
- "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6949,7 +6971,7 @@ msgstr ""
- "manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6961,12 +6983,12 @@ msgstr ""
- "localizador."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6975,7 +6997,7 @@ msgstr ""
- "del cliente. Los siguientes valores son permitidos:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6984,7 +7006,7 @@ msgstr ""
- "no puede deshabilitar las políticas de password en el lado servidor."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6995,7 +7017,7 @@ msgstr ""
- "manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -7007,7 +7029,7 @@ msgstr ""
- "password."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -7017,19 +7039,19 @@ msgstr ""
- "establecida por esta opción."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- "Especifica si el seguimiento de referencias automático debería ser "
- "habilitado."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -7038,7 +7060,7 @@ msgstr ""
- "está compilado con OpenLDAP versión 2.4.13 o más alta."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -7051,29 +7073,29 @@ msgstr ""
- "esta opción a false le llevará a una notable mejora de rendimiento."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Especifica el nombre del servicio para utilizar cuando está habilitado el "
- "servicio de descubrimiento."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Predeterminado: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -7083,17 +7105,17 @@ msgstr ""
- "descubrimiento."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -7102,12 +7124,12 @@ msgstr ""
- "desde el Epoch después de una operación de cambio de contraseña."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -7135,12 +7157,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Ejemplo:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -7152,7 +7174,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -7161,7 +7183,7 @@ msgstr ""
- "usuarios cuyo atributo employeeType esté establecido a \"admin\"."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -7174,17 +7196,17 @@ msgstr ""
- "se les seguirán otorgando acceso sin conexión y viceversa."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Predeterminado: vacío"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -7193,7 +7215,7 @@ msgstr ""
- "control de acceso del lado cliente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -7204,12 +7226,12 @@ msgstr ""
- "una código de error definible aunque el password sea correcto."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Los siguientes valores están permitidos:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -7218,7 +7240,7 @@ msgstr ""
- "determinar si la cuenta ha expirado."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -7231,7 +7253,7 @@ msgstr ""
- "se comprueba el tiempo de expiración de la cuenta."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -7242,7 +7264,7 @@ msgstr ""
- "el acceso o no."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -7255,7 +7277,7 @@ msgstr ""
- "permitido. Si ambos atributos están desaparecidos se concede el acceso."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -7266,24 +7288,24 @@ msgstr ""
- "la opción ldap_account_expire_policy funcione."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "Lista separada por coma de opciones de control de acceso. Los valores "
- "permitidos son:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7299,7 +7321,7 @@ msgstr ""
- "funciones."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
-@@ -7309,7 +7331,7 @@ msgstr ""
- "</emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7331,12 +7353,12 @@ msgstr ""
- "estar establecido para que esta característica funcione."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -7351,7 +7373,7 @@ msgstr ""
- "método distinto a las contraseñas - por ejemplo claves SSH."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -7366,7 +7388,7 @@ msgstr ""
- "inmediatamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-@@ -7374,7 +7396,7 @@ msgstr ""
- "explícito."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
-@@ -7384,7 +7406,7 @@ msgstr ""
- "para una política de contraseña apropiada."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -7393,13 +7415,13 @@ msgstr ""
- "autorizedService para determinar el acceso"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
-@@ -7408,7 +7430,7 @@ msgstr ""
- "host remoto puede acceder"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
-@@ -7418,12 +7440,12 @@ msgstr ""
- "opción de control de acceso"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Predeterminado: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -7432,12 +7454,12 @@ msgstr ""
- "una vez."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -7451,22 +7473,22 @@ msgstr ""
- "LDAP no pueden verificarse correctamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -7475,13 +7497,13 @@ msgstr ""
- "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -7491,7 +7513,7 @@ msgstr ""
- "búsqueda."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -7500,7 +7522,7 @@ msgstr ""
- "cuando se localice el objeto base de la búsqueda."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -7509,7 +7531,7 @@ msgstr ""
- "para la búsqueda como en la localización del objeto base de la búsqueda."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -7518,12 +7540,12 @@ msgstr ""
- "librerías cliente LDAP)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -7532,7 +7554,7 @@ msgstr ""
- "servidores que usan el esquema RFC2307."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -7550,7 +7572,7 @@ msgstr ""
- "llamadas getpw*() o initgroups()."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -7561,12 +7583,12 @@ msgstr ""
- "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr "wildcard_limit (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
-@@ -7575,25 +7597,18 @@ msgstr ""
- "descargadas durante una búsqueda de comodín."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -7603,19 +7618,22 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Todas las opciones de configuración comunes que se aplican a los dominios "
--"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
-+"Todas las opciones comunes de configuración que se aplican a los dominios "
-+"SSSD tambien se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
- "SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
--"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
-+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para todos los "
-+"detalles. Advierta que los atributos de mapeo SSSD LDAP están descritos en "
-+"la página de manual <citerefentry> <refentrytitle>sssd-ldap-attributes</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder type="
-+"\"variablelist\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "OPCIONES SUDO"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -7626,12 +7644,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -7641,7 +7659,7 @@ msgstr ""
- "servidor)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -7650,17 +7668,17 @@ msgstr ""
- "emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Por defecto: 21600 (6 horas)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -7672,7 +7690,7 @@ msgstr ""
- "actualmente SSSD)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -7681,7 +7699,7 @@ msgstr ""
- "atributo modifyTimestamp."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -7697,12 +7715,12 @@ msgstr ""
- "<emphasis>ldap_connection_expire_timeout</emphasis>)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -7711,12 +7729,12 @@ msgstr ""
- "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7725,7 +7743,7 @@ msgstr ""
- "totalmente cualificados que sería usada para filtrar las reglas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7734,8 +7752,8 @@ msgstr ""
- "nombre de dominio totalmente cualificado automáticamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7744,17 +7762,17 @@ msgstr ""
- "emphasis> esta opción no tiene efecto."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Por defecto: no especificado"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7763,7 +7781,7 @@ msgstr ""
- "usada para filtrar las reglas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7772,12 +7790,12 @@ msgstr ""
- "automáticamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "sudo_include_netgroups (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7786,12 +7804,12 @@ msgstr ""
- "atributo sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (booleano)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7800,7 +7818,7 @@ msgstr ""
- "atributo sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
-@@ -7809,7 +7827,7 @@ msgstr ""
- "del servidor LDAP!"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7822,12 +7840,12 @@ msgstr ""
- "manvolnum> </citerefentry>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "OPCIONES AUTOFS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
-@@ -7836,47 +7854,47 @@ msgstr ""
- "esquema LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "El nombre del mapa maestro de montaje automático en LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Pfredeterminado: auto.master"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPCIONES AVANZADAS"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7889,22 +7907,22 @@ msgstr ""
- "función, si los nombres de grupo no están siendo visualizados correctamente."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7917,14 +7935,14 @@ msgstr ""
- "<placeholder type=\"variablelist\" id=\"1\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EJEMPLO"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7935,7 +7953,7 @@ msgstr ""
- "replaceable>."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7955,20 +7973,20 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
-@@ -7977,7 +7995,7 @@ msgstr ""
- "ldap_access_order=lockout."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -8003,13 +8021,13 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTAS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -9937,7 +9955,7 @@ msgstr ""
- "este host. El nombre de host debe ser totalmente cualificado."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (booleano)"
-
-@@ -9957,7 +9975,7 @@ msgstr ""
- "otra manera utilizando la opción <quote>dyndns_iface</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -9978,12 +9996,12 @@ msgstr ""
- "usar <emphasis>dyndns_update</emphasis> en su fichero de configuración."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (entero)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -10010,12 +10028,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Por defecto: 1200 (segundos)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -10046,17 +10064,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -10064,7 +10082,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -10091,7 +10109,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -10104,12 +10122,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -10128,60 +10146,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -10306,26 +10324,26 @@ msgstr ""
- "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -11800,9 +11818,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (booleano)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -11812,19 +11848,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -11834,12 +11870,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Predeterminado: True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -11850,7 +11886,7 @@ msgstr ""
- "Este ejemplo muestra sólo las opciones específicas del proveedor AD."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -11874,7 +11910,7 @@ msgstr ""
- "ad_domain = example.com\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -11886,7 +11922,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -11897,7 +11933,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -11907,7 +11943,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -12480,16 +12516,10 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
--#| "client applications will not use the fast in-memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"AVISO: Si la variable de entorno SSS_NSS_USE_MEMCACHE estça fijada a \"NO\", "
--"las aplicaciones clientes no usaran la memoria cache rápida."
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -13630,21 +13660,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Vea la página de manual <citerefentry> "
--"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry> para más información sobre el complemento "
--"localizador."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -16323,26 +16344,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the AD provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Esta página de manual describe la configuración del proveedor AD para "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
--"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -16371,10 +16378,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (entero)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -16388,10 +16393,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id, max_id (entero)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -16402,17 +16405,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Predeterminado: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (entero)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -16423,10 +16422,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Predeterminado: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -16627,17 +16624,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "auth sufficient pam_sss.so allow_missing_name\n"
--#| " "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- " "
- msgstr ""
--"auth sufficient pam_sss.so allow_missing_name\n"
--" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -16906,10 +16898,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (cadena)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -16928,28 +16918,16 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Proveedor SSSD LDAP"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -16957,11 +16935,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Esta página de manual describe la configuración de dominios LDAP para "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de "
--"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry> para información detallada de la sintáxis."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -17850,10 +17823,8 @@ msgstr "ldap_group_modify_timestamp (cadena)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (cadena)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -18083,10 +18054,8 @@ msgstr "Atributo LDAP que contiene las UUID/GUID de un objeto host LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SECCIONES DE SERVICIOS"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -18334,10 +18303,8 @@ msgstr "Por defecto: sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "OPCIONES AUTOFS"
-+msgstr ""
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -18649,10 +18616,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (entero)"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -19779,27 +19744,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid ""
--#~ "The background refresh will process users, groups and netgroups in the "
--#~ "cache."
--#~ msgstr ""
--#~ "El refresco en segundo plano procesará usuarios grupos y grupos de red en "
--#~ "la caché."
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Predeterminado: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (entero)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
-diff --git a/src/man/po/eu.po b/src/man/po/eu.po
-index 60d333c05..a122f6ce6 100644
---- a/src/man/po/eu.po
-+++ b/src/man/po/eu.po
-@@ -5,9 +5,9 @@
- # Translators:
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-14 11:55+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
-@@ -294,9 +294,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -316,16 +316,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -354,7 +354,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -652,8 +652,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -1733,7 +1733,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1797,7 +1797,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1862,8 +1862,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5032,34 +5032,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5067,14 +5086,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5082,17 +5101,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5102,12 +5121,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5115,17 +5134,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5133,7 +5165,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5144,7 +5176,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5153,7 +5185,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5161,26 +5193,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5188,7 +5220,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5196,7 +5228,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5204,41 +5236,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5247,32 +5279,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5280,24 +5312,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5305,17 +5337,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5326,24 +5358,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5354,12 +5386,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5372,7 +5404,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5384,17 +5416,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5402,49 +5434,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5452,28 +5484,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5485,7 +5517,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5493,7 +5525,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5501,39 +5533,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5543,7 +5575,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5551,26 +5583,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5578,7 +5610,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5586,31 +5618,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5619,56 +5651,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5684,12 +5716,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5698,14 +5730,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5714,24 +5746,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5739,19 +5771,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5760,7 +5792,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5768,7 +5800,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5777,7 +5809,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5785,22 +5817,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5810,14 +5842,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5830,12 +5862,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5845,7 +5877,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5855,63 +5887,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5920,74 +5952,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -5998,7 +6030,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6006,24 +6038,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6040,12 +6072,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6053,36 +6085,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6090,14 +6122,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6107,101 +6139,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6210,59 +6242,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6271,22 +6303,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6295,14 +6327,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6310,7 +6342,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6323,27 +6355,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6359,13 +6391,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7895,7 +7927,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7910,7 +7942,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7925,12 +7957,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7951,12 +7983,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7980,17 +8012,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7998,7 +8030,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8025,7 +8057,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8038,12 +8070,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8062,60 +8094,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8229,26 +8261,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9688,9 +9720,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9700,19 +9748,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9722,12 +9770,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9735,7 +9783,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9750,7 +9798,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9759,7 +9807,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9767,7 +9815,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9777,7 +9825,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-diff --git a/src/man/po/fi.po b/src/man/po/fi.po
-index 34eec244a..3522376ce 100644
---- a/src/man/po/fi.po
-+++ b/src/man/po/fi.po
-@@ -1,9 +1,9 @@
- # Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2017-03-24 08:46+0000\n"
- "Last-Translator: Toni Rantala <trantalafilo@gmail.com>\n"
- "Language-Team: Finnish\n"
-@@ -289,9 +289,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Oletus:tosi"
-@@ -311,16 +311,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Oletus:epätosi"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -349,7 +349,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -647,8 +647,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -757,10 +757,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: false"
- msgid "Default: sha256"
--msgstr "Oletus:epätosi"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1730,7 +1728,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1794,7 +1792,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1859,8 +1857,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -2196,10 +2194,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Oletus: ei asetettu(välilyöntejä ei korvata)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5033,34 +5029,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5068,14 +5083,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5083,17 +5098,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5103,12 +5118,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5116,17 +5131,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5134,7 +5162,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5145,7 +5173,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5154,7 +5182,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5162,26 +5190,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5189,7 +5217,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5197,7 +5225,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5205,41 +5233,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5248,32 +5276,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5281,24 +5309,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5306,17 +5334,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5327,24 +5355,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5355,12 +5383,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5373,7 +5401,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5385,17 +5413,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5403,49 +5431,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5453,28 +5481,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5486,7 +5514,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5494,7 +5522,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5502,39 +5530,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5544,7 +5572,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5552,26 +5580,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5579,7 +5607,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5587,31 +5615,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5620,56 +5648,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5685,12 +5713,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5699,14 +5727,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5715,24 +5743,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5740,19 +5768,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5761,7 +5789,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5769,7 +5797,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5778,7 +5806,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5786,22 +5814,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5811,14 +5839,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5831,12 +5859,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5846,7 +5874,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5856,63 +5884,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5921,74 +5949,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -5999,7 +6027,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6007,24 +6035,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6041,12 +6069,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6054,36 +6082,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6091,14 +6119,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6108,101 +6136,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6211,59 +6239,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6272,22 +6300,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6296,14 +6324,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6311,7 +6339,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6324,27 +6352,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6360,13 +6388,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7896,7 +7924,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7911,7 +7939,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7926,12 +7954,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7952,12 +7980,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7981,17 +8009,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7999,7 +8027,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8026,7 +8054,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8039,12 +8067,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8063,60 +8091,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8230,26 +8258,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9689,9 +9717,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "debug_timestamps (bool)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "debug_timestamps (bool)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9701,19 +9747,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9723,12 +9769,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9736,7 +9782,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9751,7 +9797,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9760,7 +9806,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9768,7 +9814,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9778,7 +9824,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13870,10 +13916,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (integer)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13887,10 +13931,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "enum_cache_timeout (integer)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13901,17 +13943,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: true"
- msgid "Default: 64"
--msgstr "Oletus:tosi"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "enum_cache_timeout (integer)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -13922,10 +13960,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: true"
- msgid "Default: 65536"
--msgstr "Oletus:tosi"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-diff --git a/src/man/po/fr.po b/src/man/po/fr.po
-index adea5d1a6..aa86c5c23 100644
---- a/src/man/po/fr.po
-+++ b/src/man/po/fr.po
-@@ -14,9 +14,9 @@
- # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2016-03-19 03:04+0000\n"
- "Last-Translator: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>\n"
- "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
-@@ -338,9 +338,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Par défaut : true"
-@@ -363,16 +363,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Par défaut : false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -401,7 +401,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Par défaut : 10"
-
-@@ -599,10 +599,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (booléen)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -618,21 +616,11 @@ msgstr "try_inotify (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour "
--"des résolutions DNS internes. Par défaut, l'utilisation de inotify sera "
--"tentée, et reviendra à une interrogation de resolv.conf toutes les cinq "
--"secondes si inotify échoue."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -742,13 +730,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -759,16 +740,10 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Noter que, si cette option est définie, tous les utilisateurs du domaine "
--"principal doivent utiliser leur nom pleinement qualifié, par exemple "
--"user@domain.name, pour se connecter. L'utilisation de cette option modifie "
--"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas "
--"possible ni autorisé d'utiliser cette option avec l'option "
--"use_fully_qualified_names à False."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -883,10 +858,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Par défaut : 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1969,7 +1942,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Par défaut : 0"
-
-@@ -2038,7 +2011,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Par défaut : aucun"
-
-@@ -2103,8 +2076,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Par défaut : False"
-@@ -2434,10 +2407,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (chaîne)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2458,10 +2429,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5687,17 +5656,38 @@ msgstr ""
- "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Par défaut : 900 (15 minutes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (entier)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (entier)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -5706,17 +5696,17 @@ msgstr ""
- "Certains serveurs LDAP imposent une limite maximale par requête."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Par défaut : 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5728,7 +5718,7 @@ msgstr ""
- "correctement."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -5738,7 +5728,7 @@ msgstr ""
- "sera impossible de l'utiliser."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5749,17 +5739,17 @@ msgstr ""
- "cela peut entraîner l'échec de certaines demandes."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Désactiver la récupération de plage Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5775,12 +5765,12 @@ msgstr ""
- "apparaissant ainsi sans aucun membre."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (integer)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5791,19 +5781,42 @@ msgstr ""
- "de cette option sont définies par OpenLDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
- "par ldap.conf)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (integer)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le "
-+"niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs "
-+"de cette option sont définies par OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (entier)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5814,7 +5827,7 @@ msgstr ""
- "membres manquants est inférieur, ils sont recherchés individuellement."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5825,7 +5838,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5838,7 +5851,7 @@ msgstr ""
- "acceptés sont 389/RHDS, OpenLDAP et Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5849,12 +5862,12 @@ msgstr ""
- "déréférencement est désactivée indépendamment de ce paramètre."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5863,7 +5876,7 @@ msgstr ""
- "session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5872,7 +5885,7 @@ msgstr ""
- "quelconque certificat du serveur."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5883,7 +5896,7 @@ msgstr ""
- "certificat est fourni, il est ignoré et la session continue normalement."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5894,7 +5907,7 @@ msgstr ""
- "certificat est fourni, la session se termine immédiatement."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5905,22 +5918,22 @@ msgstr ""
- "immédiatement."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Par défaut : hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5929,7 +5942,7 @@ msgstr ""
- "certification que <command>sssd</command> reconnaîtra."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5938,12 +5951,12 @@ msgstr ""
- "<filename>/etc/openldap/ldap.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5957,32 +5970,32 @@ msgstr ""
- "corrects."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "Définit le fichier qui contient le certificat pour la clef du client."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Définit le fichier qui contient la clef du client."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5990,12 +6003,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6005,12 +6018,12 @@ msgstr ""
- "canal."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6022,19 +6035,19 @@ msgstr ""
- "ldap_group_gid_number."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "Cette fonctionnalité ne prend actuellement en charge que la correspondance "
- "par objectSID avec Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6054,24 +6067,24 @@ msgstr ""
- "identifiants."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Par défaut : non indiqué (les deux options sont à 0)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6082,12 +6095,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6100,7 +6113,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6112,17 +6125,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Par défaut : host/hostname@REALM"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -6133,17 +6146,17 @@ msgstr ""
- "domaine, cette option est ignorée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Par défaut : la valeur de krb5_realm."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6152,34 +6165,34 @@ msgstr ""
- "le nom de l'hôte au cours d'une liaison SASL."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Défaut : false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
- "keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6187,28 +6200,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (entier)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Par défaut : 86400 (24 heures)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6228,7 +6241,7 @@ msgstr ""
- "<quote>DÉCOUVERTE DE SERVICES</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6239,7 +6252,7 @@ msgstr ""
- "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6251,29 +6264,29 @@ msgstr ""
- "l'utilisation de <quote>krb5_server</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
- "filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6283,12 +6296,12 @@ msgstr ""
- "Kerberos > = 1.7"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6303,7 +6316,7 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6315,12 +6328,12 @@ msgstr ""
- "localisation."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6329,7 +6342,7 @@ msgstr ""
- "valeurs suivantes sont acceptées :"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6338,7 +6351,7 @@ msgstr ""
- "peut pas désactiver la politique sur les mots de passe du côté serveur."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6349,7 +6362,7 @@ msgstr ""
- "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -6361,7 +6374,7 @@ msgstr ""
- "est changé."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -6370,17 +6383,17 @@ msgstr ""
- "côté serveur, elle prend le pas sur la politique indiquée avec cette option."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "Définit si le déréférencement automatique doit être activé."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6389,7 +6402,7 @@ msgstr ""
- "compilé avec OpenLDAP version 2.4.13 ou supérieur."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6403,29 +6416,29 @@ msgstr ""
- "permettre d'améliorer de façon notable les performances."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Définit le nom de service à utiliser quand la découverte de services est "
- "activée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Par défaut : ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6434,19 +6447,19 @@ msgstr ""
- "un changement de mot de passe quand la découverte de services est activée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- "Par défaut : non défini, c'est-à-dire que le service de découverte est "
- "désactivé."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (bool)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -6456,12 +6469,12 @@ msgstr ""
- "de passe."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6477,12 +6490,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Exemple :"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6494,7 +6507,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -6503,7 +6516,7 @@ msgstr ""
- "dont l'attribut employeeType est « admin »."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6512,17 +6525,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Par défaut : vide"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6531,7 +6544,7 @@ msgstr ""
- "être activée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6543,12 +6556,12 @@ msgstr ""
- "correct."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Les valeurs suivantes sont autorisées :"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6557,7 +6570,7 @@ msgstr ""
- "pour déterminer si le compte a expiré."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6570,7 +6583,7 @@ msgstr ""
- "d'expiration du compte est aussi vérifiée."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6581,7 +6594,7 @@ msgstr ""
- "l'accès est autorisé ou non."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6594,7 +6607,7 @@ msgstr ""
- "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6605,24 +6618,24 @@ msgstr ""
- "ldap_account_expire_policy de fonctionner."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "Liste séparées par des virgules des options de contrôles d'accès. Les "
- "valeurs autorisées sont :"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6632,14 +6645,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6652,12 +6665,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6667,7 +6680,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6677,20 +6690,20 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6699,32 +6712,32 @@ msgstr ""
- "authorizedService pour déterminer l'accès"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Par défaut : filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -6733,12 +6746,12 @@ msgstr ""
- "de configuration."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6747,22 +6760,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (chaînes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6771,12 +6784,12 @@ msgstr ""
- "recherche. Les options suivantes sont autorisées :"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6786,7 +6799,7 @@ msgstr ""
- "recherche."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6795,7 +6808,7 @@ msgstr ""
- "la localisation de l'objet de base de la recherche."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6804,7 +6817,7 @@ msgstr ""
- "recherche et et la localisation de l'objet de base de la recherche."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6813,12 +6826,12 @@ msgstr ""
- "bibliothèques clientes LDAP)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -6827,7 +6840,7 @@ msgstr ""
- "LDAP pour les serveurs qui utilisent le schéma RFC2307."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6845,7 +6858,7 @@ msgstr ""
- "initgoups()."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6856,36 +6869,29 @@ msgstr ""
- "ajoutent les utilisateurs locaux aux groupes LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6895,19 +6901,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Toutes les options de configuration communes appliquées aux domaines SSSD "
--"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE "
--"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de "
--"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "OPTIONS DE SUDO"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6915,12 +6916,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (integer)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -6930,7 +6931,7 @@ msgstr ""
- "règles qui sont stockées sur le serveur)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -6939,17 +6940,17 @@ msgstr ""
- "emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Par défaut : 21600 (6 heures)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (integer)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6957,7 +6958,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -6966,7 +6967,7 @@ msgstr ""
- "modifyTimestamp est utilisé à la place."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6976,12 +6977,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -6991,12 +6992,12 @@ msgstr ""
- "noms de systèmes)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7005,7 +7006,7 @@ msgstr ""
- "doivent être utilisés pour filtrer les règles."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7014,8 +7015,8 @@ msgstr ""
- "nom de système et le nom de domaine pleinement qualifié."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7024,17 +7025,17 @@ msgstr ""
- "emphasis>, alors cette option n'a aucun effet."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Par défaut : non spécifié"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7043,7 +7044,7 @@ msgstr ""
- "IPv6 qui doivent être utilisés pour filtrer les règles."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7052,12 +7053,12 @@ msgstr ""
- "automatiquement."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7066,12 +7067,12 @@ msgstr ""
- "netgroup dans l'attribut sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7080,14 +7081,14 @@ msgstr ""
- "un joker dans l'attribut sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7100,59 +7101,59 @@ msgstr ""
- "manvolnum></citerefentry>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "OPTIONS AUTOFS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Par défaut : auto.master"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPTIONS AVANCÉES"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (chaînes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (chaînes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (chaînes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7161,22 +7162,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7185,14 +7186,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPLE"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7203,7 +7204,7 @@ msgstr ""
- "replaceable>."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7223,27 +7224,27 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7269,13 +7270,13 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTES"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8912,7 +8913,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (booléen)"
-
-@@ -8927,7 +8928,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8949,12 +8950,12 @@ msgstr ""
- "configuration."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (entier)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8981,12 +8982,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Par défaut : 1200 (secondes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -9014,17 +9015,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -9032,7 +9033,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -9067,7 +9068,7 @@ msgstr ""
- "seront utilisés comme serveurs de repli"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (entier)"
-
-@@ -9084,12 +9085,12 @@ msgstr ""
- "configurée à true."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -9114,12 +9115,12 @@ msgid "Default: False (disabled)"
- msgstr "Par défaut : False (désactivé)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (booléen)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -9128,48 +9129,48 @@ msgstr ""
- "communication avec le serveur DNS."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -9295,26 +9296,26 @@ msgstr ""
- "convertit en DN de base pour effectuer les opérations LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10807,9 +10808,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (booléen)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10826,19 +10845,19 @@ msgstr ""
- "<quote>dyndns_iface</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Par défaut : 3600 (secondes)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -10848,12 +10867,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Par défaut : True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10864,7 +10883,7 @@ msgstr ""
- "exemples montrent seulement les options spécifiques au fournisseur AD."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10888,7 +10907,7 @@ msgstr ""
- "ad_domain = example.com\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10900,7 +10919,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10911,7 +10930,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10921,7 +10940,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -11500,17 +11519,10 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
--#| "debug messages will be sent to stderr."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur "
--"quelconque, des messages de débogage seront envoyés sur la sortie standard "
--"d'erreur."
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -12698,21 +12710,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Consulter la page de manuel de <citerefentry> "
--"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry> pour plus d'informations sur le greffon de "
--"localisation."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -15443,26 +15446,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the AD provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Cette page de manuel décrit la configuration du fournisseur AD pour "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section "
--"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -15491,10 +15480,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (entier)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -15508,10 +15495,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (entier)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -15522,17 +15507,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Par défaut : 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (entier)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -15543,10 +15524,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Par défaut : 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15747,17 +15726,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "user_attributes = +telephoneNumber, -loginShell\n"
--#| " "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- " "
- msgstr ""
--"user_attributes = +telephoneNumber, -loginShell\n"
--" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -16026,10 +16000,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (chaînes)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -16048,28 +16020,16 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Fournisseur LDAP SSSD"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -16077,11 +16037,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> "
--"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel "
--"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -16950,10 +16905,8 @@ msgstr "ldap_group_modify_timestamp (chaîne)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (chaîne)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -17178,10 +17131,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SECTIONS DE SERVICES"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -17429,10 +17380,8 @@ msgstr "Par défaut : sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "OPTIONS AUTOFS"
-+msgstr ""
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -17734,10 +17683,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (entier)"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -18898,20 +18845,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Par défaut : homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (entier)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
-diff --git a/src/man/po/ja.po b/src/man/po/ja.po
-index 5231f970b..85dd3f49c 100644
---- a/src/man/po/ja.po
-+++ b/src/man/po/ja.po
-@@ -9,9 +9,9 @@
- # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2019-05-28 11:45+0000\n"
- "Last-Translator: Keiko Moriguchi <kemorigu@redhat.com>\n"
- "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
-@@ -322,9 +322,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "初期値: true"
-@@ -344,16 +344,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "初期値: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -382,7 +382,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "初期値: 10"
-
-@@ -566,10 +566,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (論理値)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -585,21 +583,11 @@ msgstr "try_inotify (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv."
--"conf の状態を監視します。初期状態では、このために inotify を使用しようとしま"
--"す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう"
--"フォールバックします。"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -714,8 +702,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -824,10 +812,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "初期値: 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1864,7 +1850,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "初期値: 0"
-
-@@ -1928,7 +1914,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "初期値: none"
-
-@@ -1993,8 +1979,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "初期値: 偽"
-@@ -2335,10 +2321,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set, i.e. FAST is not used."
- msgid "Default: not set, all found rules are used"
--msgstr "初期値: 設定されません、つまり FAST が使用されません。"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5378,17 +5362,38 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "初期値: 900 (15 分)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (整数)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -5397,17 +5402,17 @@ msgstr ""
- "バーは 1 要求あたりの最大数の制限を強制します。"
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "初期値: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5418,7 +5423,7 @@ msgstr ""
- "ことを報告する場合に、このオプションが使用されます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -5428,7 +5433,7 @@ msgstr ""
- "す。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5439,17 +5444,17 @@ msgstr ""
- "があります。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Active Directory の範囲の取得を無効化します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5459,12 +5464,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5472,17 +5477,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (整数)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5490,7 +5510,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5501,7 +5521,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5510,7 +5530,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5518,12 +5538,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5532,7 +5552,7 @@ msgstr ""
- "クするものを指定します。以下の値のうち 1 つを指定できます:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5541,7 +5561,7 @@ msgstr ""
- "確認しません。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5552,7 +5572,7 @@ msgstr ""
- "無視され、セッションが通常通り進められます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5563,7 +5583,7 @@ msgstr ""
- "ンが直ちに終了します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5573,22 +5593,22 @@ msgstr ""
- "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "初期値: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5598,7 +5618,7 @@ msgstr ""
- "書を含むファイルを指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5607,12 +5627,12 @@ msgstr ""
- "filename> にあります"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5625,32 +5645,32 @@ msgstr ""
- "ます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "クライアントのキーを含むファイルを指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5658,12 +5678,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -5672,12 +5692,12 @@ msgstr ""
- "用する必要がある id_provider 接続を指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5685,18 +5705,18 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5707,24 +5727,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5735,12 +5755,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5753,7 +5773,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5765,17 +5785,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "初期値: host/hostname@REALM"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5783,17 +5803,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "初期値: krb5_realm の値"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -5802,33 +5822,33 @@ msgstr ""
- "するために逆引きを実行します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "初期値: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5836,28 +5856,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "初期値: 86400 (24 時間)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5869,7 +5889,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5880,7 +5900,7 @@ msgstr ""
- "ば _tcp にフォールバックします。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5891,27 +5911,27 @@ msgstr ""
- "quote> を使用するよう設定ファイルを移行することが推奨されます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -5920,12 +5940,12 @@ msgstr ""
- "します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5935,7 +5955,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5946,12 +5966,12 @@ msgstr ""
- "manvolnum> </citerefentry> マニュアルページを参照ください。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -5960,7 +5980,7 @@ msgstr ""
- "す。以下の値が許容されます:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -5969,7 +5989,7 @@ msgstr ""
- "ンはサーバー側のパスワードポリシーを無効にできません。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5980,7 +6000,7 @@ msgstr ""
- "manvolnum></citerefentry> 形式の属性を使用します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5991,24 +6011,24 @@ msgstr ""
- "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "自動参照追跡が有効化されるかを指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6017,7 +6037,7 @@ msgstr ""
- "sssd のみが参照追跡をサポートすることに注意してください。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6026,28 +6046,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "サービス検索が有効にされているときに使用するサービスの名前を指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "初期値: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6056,29 +6076,29 @@ msgstr ""
- "を検索するために使用するサービスの名前を指定します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6094,12 +6114,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "例:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6108,14 +6128,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6124,17 +6144,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "初期値: 空白"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6143,7 +6163,7 @@ msgstr ""
- "ます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6154,12 +6174,12 @@ msgstr ""
- "否します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "以下の値が許可されます:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6168,7 +6188,7 @@ msgstr ""
- "ldap_user_shadow_expire の値を使用します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6177,7 +6197,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6188,7 +6208,7 @@ msgstr ""
- "ldap_ns_account_lock の値を使用します。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6201,7 +6221,7 @@ msgstr ""
- "クセスが許可されます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6209,23 +6229,23 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6235,14 +6255,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6255,12 +6275,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6270,7 +6290,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6280,20 +6300,20 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6302,44 +6322,44 @@ msgstr ""
- "authorizedService 属性を使用します"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "初期値: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr "値が複数使用されていると設定エラーになることに注意してください。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6348,22 +6368,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6372,12 +6392,12 @@ msgstr ""
- "ションが許容されます:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6386,7 +6406,7 @@ msgstr ""
- "決されますが、検索のベースオブジェクトの位置を探すときはされません。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6395,7 +6415,7 @@ msgstr ""
- "すときのみ参照解決されます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6404,7 +6424,7 @@ msgstr ""
- "きも位置を検索するときも参照解決されます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6413,19 +6433,19 @@ msgstr ""
- "して取り扱われます)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6436,7 +6456,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6444,36 +6464,29 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6483,19 +6496,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
--"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
--"クション</quote> を参照してください。 <placeholder type=\"variablelist\" id="
--"\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "SUDO オプション"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6503,19 +6511,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -6524,17 +6532,17 @@ msgstr ""
- "ります"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "初期値: 21600 (6 時間)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6542,14 +6550,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6559,24 +6567,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -6585,15 +6593,15 @@ msgstr ""
- "区切り一覧です。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -6602,17 +6610,17 @@ msgstr ""
- "ならば、このオプションは効果を持ちません。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "初期値: 指定なし"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -6621,7 +6629,7 @@ msgstr ""
- "アドレスの空白区切り一覧です。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -6629,38 +6637,38 @@ msgstr ""
- "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6672,59 +6680,59 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "AUTOFS オプション"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "高度なオプション"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6733,22 +6741,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6757,14 +6765,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "例"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6775,7 +6783,7 @@ msgstr ""
- "す。"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6788,27 +6796,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6824,13 +6832,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "注記"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8432,7 +8440,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (論理値)"
-
-@@ -8447,7 +8455,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8465,12 +8473,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (整数)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8491,12 +8499,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "初期値: 1200 (秒)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8520,17 +8528,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8538,7 +8546,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8565,7 +8573,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (整数)"
-
-@@ -8578,12 +8586,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8602,12 +8610,12 @@ msgid "Default: False (disabled)"
- msgstr "初期値: False (無効)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (論理値)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -8616,48 +8624,48 @@ msgstr ""
- "どうか。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8781,26 +8789,26 @@ msgstr ""
- "めに使用するベース DN に変換されます。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10256,9 +10264,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (論理値)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10268,19 +10294,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "初期値: 3600 (秒)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -10290,12 +10316,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "初期値: True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10306,7 +10332,7 @@ msgstr ""
- "AD プロバイダー固有のオプションのみ示してします。"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10330,7 +10356,7 @@ msgstr ""
- "ad_domain = example.com\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10342,7 +10368,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10350,7 +10376,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10360,7 +10386,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -10874,16 +10900,10 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
--#| "debug messages will be sent to stderr."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ"
--"セージが標準エラーに送られます。"
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -12030,20 +12050,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"位置情報プラグインの詳細は <citerefentry> "
--"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry> マニュアルページを参照ください。"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -14711,25 +14723,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the IPA provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
--"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
--"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
--"ジの <quote>ファイル形式</quote> を参照してください。"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -14758,10 +14757,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (整数)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -14775,10 +14772,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (整数)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -14789,17 +14784,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "初期値: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (整数)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -14810,10 +14801,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "初期値: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15288,10 +15277,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (文字列)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -15310,10 +15297,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
-@@ -15322,14 +15307,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -15337,11 +15314,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
--"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して"
--"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
--"<quote>ファイル形式</quote> セクションを参照してください。"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -16172,10 +16144,8 @@ msgstr "ldap_group_modify_timestamp (文字列)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (文字列)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -16393,10 +16363,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "サービスセクション"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -16637,10 +16605,8 @@ msgstr "初期値: sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "AUTOFS オプション"
-+msgstr ""
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -16906,10 +16872,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (整数)"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -17965,6 +17929,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "初期値: homeDirectory"
-diff --git a/src/man/po/lv.po b/src/man/po/lv.po
-index bd30342f9..fe1fe881a 100644
---- a/src/man/po/lv.po
-+++ b/src/man/po/lv.po
-@@ -7,9 +7,9 @@
- # Kristaps, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:00+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -297,9 +297,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -319,16 +319,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -357,7 +357,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Noklusējuma: 10"
-
-@@ -655,8 +655,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -765,10 +765,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: sha256"
--msgstr "Noklusējuma: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1738,7 +1736,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1802,7 +1800,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1867,8 +1865,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5037,34 +5035,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5072,14 +5089,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5087,17 +5104,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5107,12 +5124,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5120,17 +5137,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5138,7 +5168,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5149,7 +5179,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5158,7 +5188,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5166,26 +5196,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5193,7 +5223,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5201,7 +5231,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5209,41 +5239,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5252,32 +5282,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5285,24 +5315,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5310,17 +5340,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5331,24 +5361,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5359,12 +5389,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5377,7 +5407,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5389,17 +5419,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5407,49 +5437,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5457,28 +5487,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Noklusējuma: 86400 (24 stundas)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5490,7 +5520,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5498,7 +5528,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5506,39 +5536,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5548,7 +5578,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5556,26 +5586,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5583,7 +5613,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5591,31 +5621,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5624,56 +5654,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Noklusējuma: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5689,12 +5719,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Piemērs:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5703,14 +5733,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5719,24 +5749,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5744,19 +5774,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Atļautas šādas vērtības:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5765,7 +5795,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5773,7 +5803,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5782,7 +5812,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5790,22 +5820,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5815,14 +5845,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5835,12 +5865,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5850,7 +5880,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5860,63 +5890,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Noklusējuma: filtrēt"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5925,74 +5955,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6003,7 +6033,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6011,24 +6041,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6045,12 +6075,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6058,36 +6088,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6095,14 +6125,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6112,101 +6142,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6215,59 +6245,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "PAPLAŠINĀTĀS IESPĒJAS"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6276,22 +6306,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6300,14 +6330,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "PIEMĒRS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6315,7 +6345,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6328,27 +6358,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6364,13 +6394,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "PIEZĪMES"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7900,7 +7930,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7915,7 +7945,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7930,12 +7960,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7956,12 +7986,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7985,17 +8015,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8003,7 +8033,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8030,7 +8060,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8043,12 +8073,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8067,60 +8097,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8234,26 +8264,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9693,9 +9723,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9705,19 +9751,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9727,12 +9773,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9740,7 +9786,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9755,7 +9801,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9764,7 +9810,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9772,7 +9818,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9782,7 +9828,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13874,10 +13920,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "noildze (vesels skaitlis)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13903,10 +13947,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Noklusējuma: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13922,10 +13964,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Noklusējuma: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -14420,10 +14460,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
-diff --git a/src/man/po/nl.po b/src/man/po/nl.po
-index e05315677..640b8933d 100644
---- a/src/man/po/nl.po
-+++ b/src/man/po/nl.po
-@@ -6,9 +6,9 @@
- # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:02+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
-@@ -320,9 +320,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Standaard: true"
-@@ -342,16 +342,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -380,7 +380,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -559,10 +559,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "try_inotify (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "try_inotify (bool)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -578,21 +576,11 @@ msgstr "try_inotify (bool)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne "
--"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
--"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
--"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -704,8 +692,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -814,10 +802,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 120"
- msgid "Default: sha256"
--msgstr "Standaard: 120"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1791,7 +1777,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Standaard: 0"
-
-@@ -1855,7 +1841,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1920,8 +1906,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5093,34 +5079,55 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "reconnection_retries (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "reconnection_retries (numeriek)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5128,14 +5135,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5143,17 +5150,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5163,12 +5170,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5176,17 +5183,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5194,7 +5214,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5205,7 +5225,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5214,7 +5234,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5222,26 +5242,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5249,7 +5269,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5257,7 +5277,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5265,41 +5285,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5308,32 +5328,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5341,24 +5361,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5366,17 +5386,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5387,24 +5407,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5415,12 +5435,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5433,7 +5453,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5445,17 +5465,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5463,49 +5483,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5513,28 +5533,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5546,7 +5566,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5554,7 +5574,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5562,39 +5582,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5604,7 +5624,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5612,26 +5632,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5639,7 +5659,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5647,31 +5667,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5680,56 +5700,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5745,12 +5765,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5759,14 +5779,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5775,24 +5795,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5800,19 +5820,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5821,7 +5841,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5829,7 +5849,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5838,7 +5858,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5846,22 +5866,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5871,14 +5891,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5891,12 +5911,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5906,7 +5926,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5916,63 +5936,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5981,74 +6001,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6059,7 +6079,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6067,24 +6087,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6101,12 +6121,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6114,36 +6134,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6151,14 +6171,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6168,101 +6188,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6271,59 +6291,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6332,22 +6352,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6356,14 +6376,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6371,7 +6391,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6384,27 +6404,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6420,13 +6440,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7956,7 +7976,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7971,7 +7991,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7986,12 +8006,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8012,12 +8032,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8041,17 +8061,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8059,7 +8079,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8086,7 +8106,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8099,12 +8119,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8123,60 +8143,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8290,26 +8310,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9749,9 +9769,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "debug_timestamps (bool)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "debug_timestamps (bool)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9761,19 +9799,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9783,12 +9821,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9796,7 +9834,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9811,7 +9849,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9820,7 +9858,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9828,7 +9866,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9838,7 +9876,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13930,10 +13968,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (numeriek)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13947,10 +13983,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "enum_cache_timeout (numeriek)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13961,17 +13995,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "Standaard: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "enum_cache_timeout (numeriek)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -13982,10 +14012,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "Standaard: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15488,10 +15516,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SERVICES SECTIE"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-diff --git a/src/man/po/pt.po b/src/man/po/pt.po
-index a7796f3b9..f4e972337 100644
---- a/src/man/po/pt.po
-+++ b/src/man/po/pt.po
-@@ -6,9 +6,9 @@
- # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:05+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
-@@ -315,9 +315,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -337,16 +337,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Padrão: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -375,7 +375,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Padrão: 10"
-
-@@ -554,10 +554,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "try_inotify (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "try_inotify (boolean)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -679,8 +677,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -789,10 +787,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: sha256"
--msgstr "Padrão: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1762,7 +1758,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1826,7 +1822,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Padrão: none"
-
-@@ -1891,8 +1887,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5089,34 +5085,55 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "reconnection_retries (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "reconnection_retries (integer)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (integer)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Padrão: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5124,14 +5141,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5139,17 +5156,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5159,12 +5176,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5172,17 +5189,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_page_size (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_page_size (integer)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5190,7 +5222,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5201,7 +5233,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5210,7 +5242,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5218,19 +5250,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5239,7 +5271,7 @@ msgstr ""
- "qualquer certificado de servidor."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5247,7 +5279,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5255,7 +5287,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5263,41 +5295,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Padrão: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5306,32 +5338,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5339,24 +5371,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5364,17 +5396,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5385,24 +5417,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5413,12 +5445,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5431,7 +5463,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5443,17 +5475,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5461,50 +5493,50 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Padrão: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5512,28 +5544,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (integer)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Padrão: 86400 (24 horas)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5545,7 +5577,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5553,7 +5585,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5561,39 +5593,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5603,7 +5635,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5611,26 +5643,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5638,7 +5670,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5646,31 +5678,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5679,56 +5711,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5744,12 +5776,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5758,14 +5790,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5774,24 +5806,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5799,19 +5831,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5820,7 +5852,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5828,7 +5860,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5837,7 +5869,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5845,22 +5877,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5870,14 +5902,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5890,12 +5922,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5905,7 +5937,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5915,63 +5947,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Padrão: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5980,74 +6012,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6058,7 +6090,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6066,24 +6098,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6100,12 +6132,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6113,36 +6145,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6150,14 +6182,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6167,101 +6199,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6270,59 +6302,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPÇÕES AVANÇADAS"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (string)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6331,22 +6363,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6355,14 +6387,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPLO"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6370,7 +6402,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6383,27 +6415,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6419,13 +6451,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTAS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7955,7 +7987,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7970,7 +8002,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7985,12 +8017,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8011,12 +8043,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8040,17 +8072,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8058,7 +8090,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8085,7 +8117,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8098,12 +8130,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8122,60 +8154,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8289,26 +8321,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9748,9 +9780,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (boolean)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9760,19 +9810,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9782,12 +9832,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Padrão: TRUE"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9795,7 +9845,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9810,7 +9860,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9819,7 +9869,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9827,7 +9877,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9837,7 +9887,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13949,10 +13999,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccaches (integer)"
--msgstr "ldap_page_size (integer)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13966,10 +14014,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (integer)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13980,17 +14026,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Padrão: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (integer)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -14001,10 +14043,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Padrão: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -14479,10 +14519,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (string)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -14501,10 +14539,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
-@@ -15296,10 +15332,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_search_base (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_search_base (string)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -15998,10 +16032,8 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (integer)"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -17029,6 +17061,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Padrão: homeDirectory"
-diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
-index 368e3beca..95d0fee52 100644
---- a/src/man/po/pt_BR.po
-+++ b/src/man/po/pt_BR.po
-@@ -2,9 +2,9 @@
- # Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2017-01-29 10:11+0000\n"
- "Last-Translator: Rodrigo de Araujo Sousa Fonseca "
- "<rodrigodearaujo@fedoraproject.org>\n"
-@@ -291,9 +291,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -313,16 +313,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -351,7 +351,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -649,8 +649,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -1730,7 +1730,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1794,7 +1794,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1859,8 +1859,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5029,34 +5029,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5064,14 +5083,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5079,17 +5098,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5099,12 +5118,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5112,17 +5131,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5130,7 +5162,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5141,7 +5173,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5150,7 +5182,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5158,26 +5190,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5185,7 +5217,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5193,7 +5225,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5201,41 +5233,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5244,32 +5276,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5277,24 +5309,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5302,17 +5334,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5323,24 +5355,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5351,12 +5383,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5369,7 +5401,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5381,17 +5413,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5399,49 +5431,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5449,28 +5481,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5482,7 +5514,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5490,7 +5522,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5498,39 +5530,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5540,7 +5572,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5548,26 +5580,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5575,7 +5607,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5583,31 +5615,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5616,56 +5648,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5681,12 +5713,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5695,14 +5727,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5711,24 +5743,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5736,19 +5768,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5757,7 +5789,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5765,7 +5797,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5774,7 +5806,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5782,22 +5814,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5807,14 +5839,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5827,12 +5859,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5842,7 +5874,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5852,63 +5884,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5917,74 +5949,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -5995,7 +6027,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6003,24 +6035,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6037,12 +6069,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6050,36 +6082,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6087,14 +6119,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6104,101 +6136,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6207,59 +6239,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6268,22 +6300,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6292,14 +6324,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6307,7 +6339,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6320,27 +6352,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6356,13 +6388,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7892,7 +7924,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7907,7 +7939,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7922,12 +7954,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7948,12 +7980,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7977,17 +8009,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7995,7 +8027,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8022,7 +8054,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8035,12 +8067,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8059,60 +8091,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8226,26 +8258,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9685,9 +9717,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9697,19 +9745,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9719,12 +9767,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9732,7 +9780,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9747,7 +9795,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9756,7 +9804,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9764,7 +9812,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9774,7 +9822,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-diff --git a/src/man/po/ru.po b/src/man/po/ru.po
-index 2325daba0..79c0c1b77 100644
---- a/src/man/po/ru.po
-+++ b/src/man/po/ru.po
-@@ -6,9 +6,9 @@
- # Artyom Kunyov <artkun@guitarplayer.ru>, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:07+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -296,9 +296,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -318,16 +318,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "По умолчанию: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -356,7 +356,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "По умолчанию: 10"
-
-@@ -654,8 +654,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -764,10 +764,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "По умолчанию: 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1737,7 +1735,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1801,7 +1799,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1866,8 +1864,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5036,34 +5034,55 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "reconnection_retries (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "попыток_соединения (целое число)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5071,14 +5090,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5086,17 +5105,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5106,12 +5125,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5119,17 +5138,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5137,7 +5169,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5148,7 +5180,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5157,7 +5189,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5165,26 +5197,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5192,7 +5224,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5200,7 +5232,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5208,41 +5240,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5251,32 +5283,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5284,24 +5316,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5309,17 +5341,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5330,24 +5362,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5358,12 +5390,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5376,7 +5408,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5388,17 +5420,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5406,49 +5438,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5456,28 +5488,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5489,7 +5521,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5497,7 +5529,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5505,39 +5537,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5547,7 +5579,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5555,26 +5587,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5582,7 +5614,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5590,31 +5622,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5623,56 +5655,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5688,12 +5720,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5702,14 +5734,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5718,24 +5750,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5743,19 +5775,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5764,7 +5796,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5772,7 +5804,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5781,7 +5813,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5789,22 +5821,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5814,14 +5846,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5834,12 +5866,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5849,7 +5881,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5859,63 +5891,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5924,74 +5956,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6002,7 +6034,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6010,24 +6042,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6044,12 +6076,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6057,36 +6089,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6094,14 +6126,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6111,101 +6143,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6214,59 +6246,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6275,22 +6307,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6299,14 +6331,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "ПРИМЕР"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6314,7 +6346,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6327,27 +6359,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6363,13 +6395,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7899,7 +7931,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7914,7 +7946,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7929,12 +7961,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7955,12 +7987,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7984,17 +8016,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8002,7 +8034,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8029,7 +8061,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8042,12 +8074,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8066,60 +8098,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8233,26 +8265,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9692,9 +9724,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9704,19 +9752,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9726,12 +9774,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9739,7 +9787,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9754,7 +9802,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9763,7 +9811,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9771,7 +9819,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9781,7 +9829,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13900,10 +13948,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "По умолчанию: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13919,10 +13965,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "По умолчанию: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -16939,6 +16983,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "По умолчанию: homeDirectory"
-diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
-index fac55fd72..d8bcf2ee5 100644
---- a/src/man/po/sssd-docs.pot
-+++ b/src/man/po/sssd-docs.pot
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:29+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:39+0100\n"
- "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
- "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
- "Language-Team: LANGUAGE <LL@li.org>\n"
-@@ -254,7 +254,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
-+#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-
-@@ -271,12 +271,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
-+#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1
- msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
-
-@@ -299,7 +299,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -599,7 +599,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
- msgid "Default: not set"
- msgstr ""
-
-@@ -1672,7 +1672,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1733,7 +1733,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1039
-+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1798,7 +1798,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 include/ldap_id_mapping.xml:244
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-
-@@ -4964,34 +4964,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single "
- "request. Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -4999,7 +5018,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use "
-@@ -5007,7 +5026,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5015,17 +5034,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5035,12 +5054,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5048,17 +5067,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5066,7 +5098,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to "
- "0. Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5077,7 +5109,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5086,7 +5118,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5094,26 +5126,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5121,7 +5153,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5129,7 +5161,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5137,41 +5169,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in "
- "<filename>/etc/openldap/ldap.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5180,32 +5212,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5213,24 +5245,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem "
- "class=\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5238,17 +5270,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5259,24 +5291,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5287,12 +5319,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5305,7 +5337,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5317,17 +5349,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5335,49 +5367,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5385,29 +5417,29 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is "
- "used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of "
-@@ -5419,7 +5451,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5427,7 +5459,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of "
- "SSSD. While the legacy name is recognized for the time being, users are "
-@@ -5436,39 +5468,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5478,7 +5510,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> "
- "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
-@@ -5487,26 +5519,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client "
- "side. The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use "
- "<citerefentry><refentrytitle>shadow</refentrytitle> "
-@@ -5515,7 +5547,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5523,31 +5555,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5556,56 +5588,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5622,12 +5654,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5636,14 +5668,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5652,24 +5684,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5677,19 +5709,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5698,7 +5730,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
- "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
-@@ -5706,7 +5738,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5715,7 +5747,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option "
- "<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
-@@ -5723,22 +5755,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5748,7 +5780,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the "
- "<quote>ppolicy</quote> option and might be removed in a future release. "
-@@ -5756,7 +5788,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5769,12 +5801,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5784,7 +5816,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5794,38 +5826,38 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control "
-@@ -5833,24 +5865,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5859,74 +5891,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -5937,7 +5969,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -5945,24 +5977,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -5979,12 +6011,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -5992,36 +6024,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
- "</emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6029,14 +6061,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6046,100 +6078,100 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
- "<emphasis>false</emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6148,59 +6180,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6209,22 +6241,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6233,12 +6265,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6246,7 +6278,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6259,24 +6291,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6292,12 +6324,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7831,7 +7863,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7846,7 +7878,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7861,12 +7893,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7887,12 +7919,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7916,17 +7948,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7934,7 +7966,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -7962,7 +7994,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -7975,12 +8007,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -7999,60 +8031,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8166,26 +8198,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-
-@@ -9622,9 +9654,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9634,19 +9682,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9656,12 +9704,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and "
- "example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
-@@ -9669,7 +9717,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9684,7 +9732,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9693,7 +9741,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9701,7 +9749,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9711,7 +9759,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-diff --git a/src/man/po/sv.po b/src/man/po/sv.po
-index edd640ae9..27f4ddb41 100644
---- a/src/man/po/sv.po
-+++ b/src/man/po/sv.po
-@@ -2,9 +2,9 @@
- # Göran Uddeborg <goeran@uddeborg.se>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2019-11-11 02:33+0000\n"
- "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
- "Language-Team: Swedish\n"
-@@ -344,9 +344,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Standard: true"
-@@ -368,16 +368,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Standard: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -409,7 +409,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Standard: 10"
-
-@@ -619,10 +619,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (boolean)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -638,21 +636,11 @@ msgstr "try_inotify (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD övervakar tillståndet hos resolv.conf för att identifiera när den "
--"behöver uppdatera sin interna DNS-uppslagning. Som standard kommer vi "
--"försöka använda inotify till detta, och kommer falla tillbaka på att polla "
--"resolv.conf var femte sekund om inotify inte kan användas."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -770,13 +758,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -787,16 +768,10 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Observera att om detta alternativ anges måste alla användare från den "
--"primära domänen använda sitt fullständigt kvalificerade namn, t.ex. "
--"användare@domän.namn, för att logga in. Att ange detta alternativ ändrar "
--"standardet på use_fully_qualified_names till True. Det är inte tillåtet att "
--"använda detta alternativ tillsammans med use_fully_qualified_names satt "
--"till False."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -866,10 +841,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:483
--#, fuzzy
--#| msgid "no_ocsp"
- msgid "soft_ocsp"
--msgstr "no_ocsp"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:485 sssd.conf.5.xml:585
-@@ -919,10 +892,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Standard: 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -2097,7 +2068,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> för en viss domän."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Standard: 0"
-
-@@ -2174,7 +2145,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Standard: none"
-
-@@ -2251,8 +2222,8 @@ msgstr ""
- "autentiseringsprocessen är detta alternativ avaktiverat som standard."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Default: False"
-@@ -2626,10 +2597,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (sträng)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2650,10 +2619,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Default: not set (blanka kommer inte ersättas)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -3312,13 +3279,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2263
--#, fuzzy
--#| msgid ""
--#| "This option specifies the maximum allowed number of nested containers."
- msgid "This option is automatically inherited for all trusted domains."
- msgstr ""
--"Detta alternativ specificerar det maximala antalet tillåtna nästlade "
--"behållare."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2267
-@@ -4531,13 +4493,6 @@ msgstr "hybrid"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3205
--#, fuzzy
--#| msgid ""
--#| "A primary group is autogenerated for user entries whose UID and GID "
--#| "numbers have the same value and at the same time the GID number does not "
--#| "correspond to a real group object in LDAP If the values are the same, but "
--#| "the primary GID in the user entry is also used by a group object, the "
--#| "primary GID of the user resolves to that group object."
- msgid ""
- "A primary group is autogenerated for user entries whose UID and GID numbers "
- "have the same value and at the same time the GID number does not correspond "
-@@ -4545,11 +4500,6 @@ msgid ""
- "GID in the user entry is also used by a group object, the primary GID of the "
- "user resolves to that group object."
- msgstr ""
--"En primär grupp autogenereras för användarposter vars UID- och GID-nummer "
--"har samma värde och GID-numret på samma gång inte motsvarar ett verkligt "
--"gruppobjekt i LDAP. Om värdena är samma, men det primära GID:t i "
--"användarposten även används av ett gruppobjekt slås användarens primära GID "
--"upp till det gruppobjektet. "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3218
-@@ -5291,22 +5241,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3693
--#, fuzzy
--#| msgid ""
--#| "With the growing number of authentication methods and the possibility "
--#| "that there are multiple ones for a single user the heuristic used by "
--#| "pam_sss to select the prompting might not be suitable for all use cases. "
--#| "To following options should provide a better flexibility here."
- msgid ""
- "With the growing number of authentication methods and the possibility that "
- "there are multiple ones for a single user the heuristic used by pam_sss to "
- "select the prompting might not be suitable for all use cases. The following "
- "options should provide a better flexibility here."
- msgstr ""
--"Med det växande antalet autentiseringsmetoder och möjligheten att det finns "
--"flera olika för en enskild användare kan det hända att heurestiken som "
--"används av pam_sss för att välja fråga inte är lämplig för alla "
--"användarfall. Följande alternativ bör ge en bättre flexibilitet här."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:3705
-@@ -5364,19 +5304,11 @@ msgstr "single_prompt"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3730
--#, fuzzy
--#| msgid ""
--#| "boolean value, if True there will be only a single prompt using the value "
--#| "of first_prompt where it is expected that both factor are entered as a "
--#| "single string"
- msgid ""
- "boolean value, if True there will be only a single prompt using the value of "
- "first_prompt where it is expected that both factors are entered as a single "
- "string"
- msgstr ""
--"booleskt värde, om True kommer det bara vara en fråga som använder värdet på "
--"first_prompt där det förväntas att båda faktorerna matas in som en enda "
--"sträng"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3719
-@@ -5389,37 +5321,19 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3700
--#, fuzzy
--#| msgid ""
--#| "Each supported authentication method has it's own configuration sub-"
--#| "section under <quote>[prompting/...]</quote>. Currently there are: "
--#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#| "\"variablelist\" id=\"1\"/>"
- msgid ""
- "Each supported authentication method has its own configuration subsection "
- "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
- "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>"
- msgstr ""
--"Varje autentiseringsmetod som stödjs har sin ege konfigurationsundersektion "
--"under <quote>[prompting/…]</quote>. För närvarande finns det: <placeholder "
--"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/"
--">"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3742
--#, fuzzy
--#| msgid ""
--#| "It is possible to add a sub-section for specific PAM services like e.g. "
--#| "<quote>[prompting/password/sshd]</quote> to individual change the "
--#| "prompting for this service."
- msgid ""
- "It is possible to add a subsection for specific PAM services, e.g. "
- "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
- "for this service."
- msgstr ""
--"Det är möjligt att lägga till en undersektion för specifika PAM-tjänster som "
--"t.ex. <quote>[prompting/password/sshd]</quote> för att ändra frågorna "
--"enskild för denna tjänst."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43
-@@ -6200,17 +6114,38 @@ msgstr ""
- "(detta värde eller TGT-livslängden) användas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Standard: 900 (15 minuter)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (heltal)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -6219,17 +6154,17 @@ msgstr ""
- "LDAP-servrar framtvingar en maximal gräns per begäran."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Standard: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -6240,7 +6175,7 @@ msgstr ""
- "RootDSE men det inte är aktiverat eller inte fungerar som det skall."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -6250,7 +6185,7 @@ msgstr ""
- "den."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -6261,17 +6196,17 @@ msgstr ""
- "att några begäranden nekas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Avaktivera Active Directory intervallhämtning."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -6287,12 +6222,12 @@ msgstr ""
- "medlemmar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -6303,17 +6238,40 @@ msgstr ""
- "detta alternativ är definierat av OpenLDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (heltal)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Vid kommunikation med en LDAP-server med SASL, ange den minsta "
-+"säkerhetsnivån som är nödvändig för att etablera förbindelsen. Värdet på "
-+"detta alternativ är definierat av OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -6324,7 +6282,7 @@ msgstr ""
- "individuellt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -6341,7 +6299,7 @@ msgstr ""
- "rootDSE-objektet."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -6354,7 +6312,7 @@ msgstr ""
- "OpenLDAP och Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -6365,12 +6323,12 @@ msgstr ""
- "oavsett denna inställning."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -6379,7 +6337,7 @@ msgstr ""
- "några. Det kan anges som ett av följande värden:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -6388,7 +6346,7 @@ msgstr ""
- "några servercertifikat."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6399,7 +6357,7 @@ msgstr ""
- "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6410,7 +6368,7 @@ msgstr ""
- "tillhandahålls avslutas sessionen omedelbart."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -6421,22 +6379,22 @@ msgstr ""
- "avslutas sessionen omedelbart."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Standard: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -6445,7 +6403,7 @@ msgstr ""
- "<command>sssd</command> kommer godkänna."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -6454,12 +6412,12 @@ msgstr ""
- "openldap/ldap.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -6473,32 +6431,32 @@ msgstr ""
- "namnen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "Anger filen som innehåller certifikatet för klientens nyckel."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Anger filen som innehåller klientens nyckel."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -6509,12 +6467,12 @@ msgstr ""
- "manvolnum></citerefentry> för formatet."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6523,12 +6481,12 @@ msgstr ""
- "\"protocol\">tls</systemitem> för att skydda kanalen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6539,18 +6497,18 @@ msgstr ""
- "förlita sig på ldap_user_uid_number och ldap_group_gid_number."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "För närvarande stödjer denna funktion endast Active Direcotory objectSID"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr "ldap_min_id, ldap_max_id (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6568,17 +6526,17 @@ msgstr ""
- "Underdomäner kan sedan välja andra intervall för att översätta ID:n."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Standard: inte satt (båda alternativen är satta till 0)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
-@@ -6587,7 +6545,7 @@ msgstr ""
- "GSSAPI och GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6603,12 +6561,12 @@ msgstr ""
- "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6628,7 +6586,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6648,17 +6606,17 @@ msgstr ""
- "keytab."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Standard: host/värdnamn@RIKE"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -6669,17 +6627,17 @@ msgstr ""
- "ignoreras detta alternativ."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Standard: värdet på krb5_realm."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6688,34 +6646,34 @@ msgstr ""
- "att ta fram värdnamnets kanoniska form under en SASL-bindning"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Standard: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6726,29 +6684,29 @@ msgstr ""
- "eller GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Standard: 86400 (24 timmar)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6766,7 +6724,7 @@ msgstr ""
- "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6777,7 +6735,7 @@ msgstr ""
- "hittas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6789,27 +6747,27 @@ msgstr ""
- "<quote>krb5_server</quote> istället."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6818,12 +6776,12 @@ msgstr ""
- "servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6838,7 +6796,7 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6849,12 +6807,12 @@ msgstr ""
- "om lokaliseringsinsticksmodulen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6863,7 +6821,7 @@ msgstr ""
- "värden är tillåtna:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6872,7 +6830,7 @@ msgstr ""
- "alternativ kan inte avaktivera lösenordspolicyer på serversidan."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6883,7 +6841,7 @@ msgstr ""
- "manvolnum></citerefentry> för att utvärdera om lösenordet har gått ut."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -6894,7 +6852,7 @@ msgstr ""
- "chpass_provider=krb5 för att uppdatera dessa attribut när läsenordet ändras."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -6903,17 +6861,17 @@ msgstr ""
- "kommer den alltid gå före framför policyn som sätts med detta alternativ."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6922,7 +6880,7 @@ msgstr ""
- "kompilerad med OpenLDAP version 2.4.13 eller senare."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6935,28 +6893,28 @@ msgstr ""
- "alternativ till falskt medföra en märkbar prestandaförbättring."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Standard: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6965,17 +6923,17 @@ msgstr ""
- "lösenordsändringar när tjänsteupptäckte är aktiverat."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -6984,12 +6942,12 @@ msgstr ""
- "dagar sedan epoken efter en ändring av lösenord."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -7017,12 +6975,12 @@ msgstr ""
- "manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Exempel:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -7034,7 +6992,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -7043,7 +7001,7 @@ msgstr ""
- "användare vars attribut employeeType är satt till ”admin”."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -7056,17 +7014,17 @@ msgstr ""
- "fortsätta ges åtkomst under frånkoppling, och vice versa."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Standard: Empty"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -7075,7 +7033,7 @@ msgstr ""
- "åtkomststyrningsattribut aktiveras."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -7086,12 +7044,12 @@ msgstr ""
- "felkod även om lösenordet är korrekt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Följande värden är tillåtna:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -7100,7 +7058,7 @@ msgstr ""
- "att avgöra om kontot har gått ut."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -7113,7 +7071,7 @@ msgstr ""
- "kontot kontrolleras också."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -7124,7 +7082,7 @@ msgstr ""
- "tillåts eller inte."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -7137,7 +7095,7 @@ msgstr ""
- "åtkomst."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -7148,23 +7106,23 @@ msgstr ""
- "ldap_account_expire_policy skall fungera."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7179,7 +7137,7 @@ msgstr ""
- "fungera."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
-@@ -7189,7 +7147,7 @@ msgstr ""
- "emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7210,12 +7168,12 @@ msgstr ""
- "måste vara satt för att denna funktion skall fungera."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -7230,7 +7188,7 @@ msgstr ""
- "exempel SSH-nycklar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -7244,7 +7202,7 @@ msgstr ""
- "pwd_expire_policy_renew – användaren ombeds ändra sitt lösenord omedelbart."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-@@ -7252,7 +7210,7 @@ msgstr ""
- "meddelande av SSSD."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
-@@ -7262,7 +7220,7 @@ msgstr ""
- "lämplig lösenordspolicy."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -7271,13 +7229,13 @@ msgstr ""
- "för att avgöra åtkomst"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
-@@ -7286,7 +7244,7 @@ msgstr ""
- "fjärrvärdar kan få åtkomst"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
-@@ -7296,12 +7254,12 @@ msgstr ""
- "åtkomstkontroll aktiveras"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Standard: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -7310,12 +7268,12 @@ msgstr ""
- "gång."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -7328,22 +7286,22 @@ msgstr ""
- "LDAP-servern inte kan kontrolleras ordentligt. "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Exempel: cn=ppolicy,ou=policies,dc=exempel,dc=se"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -7352,12 +7310,12 @@ msgstr ""
- "alternativ är tillåtna:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -7366,7 +7324,7 @@ msgstr ""
- "basobjektet, men inte vid lokalisering basobjektet för sökningen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -7375,7 +7333,7 @@ msgstr ""
- "basobjektet för sökningen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -7384,7 +7342,7 @@ msgstr ""
- "lokalisering av basobjektet för sökningen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -7393,12 +7351,12 @@ msgstr ""
- "klientbiblioteken)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -7407,7 +7365,7 @@ msgstr ""
- "servrar som använder schemat RFC2307."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -7424,7 +7382,7 @@ msgstr ""
- "via anrop av getpw*() eller initgroups()."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -7435,12 +7393,12 @@ msgstr ""
- "de lokala användarna med de extra LDAP-grupperna."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr "wildcard_limit (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
-@@ -7449,25 +7407,18 @@ msgstr ""
- "jokertecken."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- "För närvarande stödjer endast respondenten InfoPipe jockeruppslagningar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr "Standard: 1000 (ofta storleken på en sida)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -7477,19 +7428,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page. <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Alla de vanliga konfigurationsalternativen som gäller SSSD-domäner gäller "
--"även LDAP-domäner. Se avsnittet <quote>DOMÄNSEKTIONER</quote> av "
--"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry> för fullständiga detaljer. "
--"<placeholder type=\"variablelist\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "SUDOALTERNATIV"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -7500,12 +7446,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -7515,7 +7461,7 @@ msgstr ""
- "servern)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -7524,17 +7470,17 @@ msgstr ""
- "emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Standard: 21600 (6 timmar)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -7545,7 +7491,7 @@ msgstr ""
- "USN-värde som för närvarande är känt av SSSD)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -7554,7 +7500,7 @@ msgstr ""
- "istället."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -7570,12 +7516,12 @@ msgstr ""
- "<emphasis>ldap_connection_expire_timeout</emphasis>)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -7584,12 +7530,12 @@ msgstr ""
- "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7598,7 +7544,7 @@ msgstr ""
- "domännamn som skall användas för att filtrera reglerna."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7607,8 +7553,8 @@ msgstr ""
- "fullständigt kvalificerade domännamnet automatiskt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7617,17 +7563,17 @@ msgstr ""
- "emphasis> har detta alternativ ingen effekt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Standard: inte angivet"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7636,7 +7582,7 @@ msgstr ""
- "skall användas för att filtrera reglerna."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7645,12 +7591,12 @@ msgstr ""
- "automatiskt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7659,12 +7605,12 @@ msgstr ""
- "attributet sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7673,7 +7619,7 @@ msgstr ""
- "attributet sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
-@@ -7682,7 +7628,7 @@ msgstr ""
- "LDAP-serversidan!"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7695,12 +7641,12 @@ msgstr ""
- "manvolnum> </citerefentry>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "AUTOFSALTERNATIV"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
-@@ -7708,47 +7654,47 @@ msgstr ""
- "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Namnet på automount master-kartan i LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Standard: auto.master"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "AVANCERADE ALTERNATIV"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7761,22 +7707,22 @@ msgstr ""
- "avaktivera denna funktion om gruppnamn inte visas korrekt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7789,14 +7735,14 @@ msgstr ""
- "\"variablelist\" id=\"1\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPEL"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7806,7 +7752,7 @@ msgstr ""
- "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7826,20 +7772,20 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
-@@ -7848,7 +7794,7 @@ msgstr ""
- "ldap_access_order=lockout används."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7874,13 +7820,13 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTER"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -9784,7 +9730,7 @@ msgstr ""
- "identifiera denna värd. Värdnamnet måste vara fullständigt kvalificerat."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (boolean)"
-
-@@ -9804,7 +9750,7 @@ msgstr ""
- "alternativet <quote>dyndns_iface</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -9824,12 +9770,12 @@ msgstr ""
- "använda <emphasis>dyndns_update</emphasis> i sin konfigurationsfil."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (heltal)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -9856,12 +9802,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Default: 1200 (sekunder)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -9894,17 +9840,17 @@ msgstr ""
- "förbindelsen"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr "dyndns_auth (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -9915,7 +9861,7 @@ msgstr ""
- "sätta detta alternativ till ”none”."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr "Standard: GSS-TSIG"
-
-@@ -9949,7 +9895,7 @@ msgstr ""
- "upptäckten används som backup-servrar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (heltal)"
-
-@@ -9965,12 +9911,12 @@ msgstr ""
- "alternativ är valfritt och tillämpligt endast när dyndns_update är sann."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (bool)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -9993,12 +9939,12 @@ msgid "Default: False (disabled)"
- msgstr "Standard: False (avaktiverat)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (bool)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -10007,17 +9953,17 @@ msgstr ""
- "med DNS-servern."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Standard: False (låt nsupdate välja protokollet)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr "dyndns_server (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
-@@ -10026,7 +9972,7 @@ msgstr ""
- "flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
-@@ -10035,7 +9981,7 @@ msgstr ""
- "skild från identitetsservern."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
-@@ -10045,17 +9991,17 @@ msgstr ""
- "inställningar misslyckas."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr "Standard: Ingen (låt nsupdate välja servern)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr "dyndns_update_per_family (boolean)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -10183,12 +10129,12 @@ msgstr ""
- "till bas-DN:en för att användas när LDAP-operationer utförs."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
-@@ -10197,7 +10143,7 @@ msgstr ""
- "för Kerberos."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
-@@ -10206,7 +10152,7 @@ msgstr ""
- "”none”."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -11252,19 +11198,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:359
--#, fuzzy
--#| msgid ""
--#| "GPO-based access control functionality uses GPO policy settings to "
--#| "determine whether or not a particular user is allowed to logon to a "
--#| "particular host."
- msgid ""
- "GPO-based access control functionality uses GPO policy settings to determine "
- "whether or not a particular user is allowed to logon to the host. For more "
- "information on the supported policy settings please refer to the "
- "<quote>ad_gpo_map</quote> options."
- msgstr ""
--"GPO-baserad åtkomstkontrollsfunktionalitet använder GPO-policyinställningar "
--"för att avgöra huruvida en viss användare tillåts att logga på en viss värd."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:367
-@@ -11322,16 +11261,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:417
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the operation mode is set to enforcing, it is possible that "
--#| "users that were previously allowed logon access will now be denied logon "
--#| "access (as dictated by the GPO policy settings). In order to facilitate a "
--#| "smooth transition for administrators, a permissive mode is available that "
--#| "will not enforce the access control rules, but will evaluate them and "
--#| "will output a syslog message if access would have been denied. By "
--#| "examining the logs, administrators can then make the necessary changes "
--#| "before setting the mode to enforcing."
- msgid ""
- "NOTE: If the operation mode is set to enforcing, it is possible that users "
- "that were previously allowed logon access will now be denied logon access "
-@@ -11344,14 +11273,6 @@ msgid ""
- "functions' is required (see <citerefentry> <refentrytitle>sssctl</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)."
- msgstr ""
--"OBS: Om arbetsläget är satt till tvingande är det möjligt att användare som "
--"tidigare tilläts inloggningsåtkomst nu kommer att nekas inloggningsåtkomst "
--"(som det dikteras av GPO-policyinställningarna). För att möjliggöra en "
--"smidig övergång för administratörer är ett tillåtande läge tillgängligt som "
--"inte kommer tvinga reglerna för åtkomstkontroll, men kommer beräkna dem och "
--"skriva ut ett syslog-meddelande om åtkomst skulle ha nekats. Genom att "
--"granska loggarna kan administratörer sedan göra de nödvändiga ändringarna "
--"före de ställer in arbetsläget till tvingande."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:436
-@@ -12012,9 +11933,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr "Standard: 86400:750 (24h och 15m)"
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (boolean)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -12030,12 +11969,12 @@ msgstr ""
- "på annat sätt med alternativet <quote>dyndns_iface</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Standard: 3600 (sekunder)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
-@@ -12044,7 +11983,7 @@ msgstr ""
- "förbindelsen"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -12059,12 +11998,12 @@ msgstr ""
- "mindre än 60 ges kommer parametern endast anta det lägsta värdet."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Standard: True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -12075,7 +12014,7 @@ msgstr ""
- "exempel visar endast alternativ som är specifika för leverantören AD."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -12099,7 +12038,7 @@ msgstr ""
- "ad_domain = exempel.se\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -12111,7 +12050,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -12122,7 +12061,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -12137,7 +12076,7 @@ msgstr ""
- "krypteringsdetaljer) manuellt."
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -12754,16 +12693,10 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer "
--"klientprogram inte använda den snabba cachen i minnet."
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -14016,38 +13949,20 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:518
--#, fuzzy
--#| msgid ""
--#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a "
--#| "colon. The first number represents number of primary servers used and the "
--#| "second number specifies the number of backup servers."
- msgid ""
- "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. "
- "The first number represents number of primary servers used and the second "
- "number specifies the number of backup servers."
- msgstr ""
--"Alternativet krb5_kdcinfo_lookahead innehåller två tal separerade av ett "
--"kolon. Det första talet representerar antalet primärservrar som används och "
--"det andra talet anger antalet reservservrar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
--#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. but no backup "
--#| "servers."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Till exempel betyder <emphasis>10:0</emphasis> att upp till 10 primärservrar "
--"kommer lämnas till<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. men inga "
--"reservservrar."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -17121,21 +17036,11 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
- #: sssd-kcm.8.xml:61
--#, fuzzy
--#| msgid ""
--#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
--#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry> secrets store, allowing the ccaches to survive KCM server "
--#| "restarts or machine reboots."
- msgid ""
- "the SSSD implementation stores the ccaches in a database, typically located "
- "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to "
- "survive KCM server restarts or machine reboots."
- msgstr ""
--"SSSD-implementationen sparar ccache:rna i SSSD:s hemlighetsförråd "
--"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
--"manvolnum> </citerefentry>, vilket gör att ccache:rna kan överleva att KCM-"
--"servern eller hela maskinen startas om."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:67
-@@ -17322,24 +17227,12 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the files provider for <citerefentry> "
--#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--#| "citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
--#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Denna manualsida besriver filleverantören till <citerefentry> "
--"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--"citerefentry>. För en detaljerad referens om syntaxen, se avsnittet "
--"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -17373,10 +17266,8 @@ msgstr "Standard: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "max_secrets (integer)"
- msgid "max_ccaches (integer)"
--msgstr "max_secrets (heltal)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -17390,10 +17281,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "max_uid_secrets (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "max_uid_secrets (heltal)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -17404,17 +17293,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Standard: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "max_payload_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "max_payload_size (heltal)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -17425,10 +17310,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Standard: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -17608,13 +17491,7 @@ msgstr "Känner av funktionen sdap_get_generic_ext_send()."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:152
--#, fuzzy, no-wrap
--#| msgid ""
--#| "base:string\n"
--#| "scope:integer\n"
--#| "filter:string\n"
--#| "probestr:string\n"
--#| " "
-+#, no-wrap
- msgid ""
- "base:string\n"
- "scope:integer\n"
-@@ -17623,11 +17500,6 @@ msgid ""
- "probestr:string\n"
- " "
- msgstr ""
--"base:sträng\n"
--"scope:heltal\n"
--"filter:sträng\n"
--"probestr:sträng\n"
--" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:161
-@@ -17657,10 +17529,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:176
--#, fuzzy
--#| msgid "probe sdap_deref_send"
- msgid "probe sdap_parse_entry"
--msgstr "testpunkt sdap_deref_send"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:179
-@@ -17671,24 +17541,17 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "filter:string\n"
--#| " "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- " "
- msgstr ""
--"filter:sträng\n"
--" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
--#, fuzzy
--#| msgid "probe dp_req_done"
- msgid "probe sdap_parse_entry_done"
--msgstr "testpunkt dp_req_done"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:193
-@@ -17976,10 +17839,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (sträng)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -17998,28 +17859,16 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "SSSD LDAP-leverantör"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -18027,11 +17876,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Denna manualsida beskriver beskriver konfigurationen av LDAP-domäner för "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Se avsnittet <quote>FILFORMAT</quote> av manualsidan "
--"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry> för detaljerad syntaxinformation."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -18907,10 +18751,8 @@ msgstr "ldap_group_modify_timestamp (sträng)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (sträng)"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -19132,10 +18974,8 @@ msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-värdobjekt."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "TJÄNSTESEKTIONER"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -19380,10 +19220,8 @@ msgstr "Standard: sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "AUTOFSALTERNATIV"
-+msgstr ""
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -19691,19 +19529,15 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout"
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
--#, fuzzy
--#| msgid "How long would SSSD talk to a single DNS server."
- msgid ""
- "Time in milliseconds that sets how long would SSSD talk to a single DNS "
- "server before trying next one."
--msgstr "Hur länge SSSD skall prata med en enskild DNS-server."
-+msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:90
-@@ -19749,13 +19583,6 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
- #: include/failover.xml:123
--#, fuzzy
--#| msgid ""
--#| "For LDAP-based providers, the resolve operation is performed as part of "
--#| "an LDAP connection operation. Therefore, also the "
--#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value "
--#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a "
--#| "larger value than <quote>dns_resolver_op_timeout</quote>."
- msgid ""
- "For LDAP-based providers, the resolve operation is performed as part of an "
- "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
-@@ -19764,11 +19591,6 @@ msgid ""
- "value than <quote>dns_resolver_op_timeout</quote> which should be larger "
- "than <quote>dns_resolver_server_timeout</quote>."
- msgstr ""
--"För LDAP-baserade leverantörer utförs uppslagningsoperationen som en del av "
--"LDAP-anslutningsoperationen. Därför skall även tidsgränsen "
--"<quote>ldap_opt_timeout></quote> sättas till ett större värde än "
--"<quote>dns_resolver_timeout</quote> som i sin tur skall sättas till ett "
--"större värde än <quote>dns_resolver_op_timeout</quote>."
-
- #. type: Content of: <refsect1><title>
- #: include/ldap_id_mapping.xml:2
-@@ -21008,93 +20830,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier"
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr "ldap_group_external_member = ipaExternalMember"
--
--#~ msgid ""
--#~ "The background refresh will process users, groups and netgroups in the "
--#~ "cache."
--#~ msgstr ""
--#~ "Bakgrundsuppdateringen kommer bearbeta användare, grupper och nätgrupper "
--#~ "i cachen."
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Standard: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (heltal)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the InteractiveLogonRight and "
--#~ "DenyInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "InteractiveLogonRight och DenyInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the RemoteInteractiveLogonRight and "
--#~ "DenyRemoteInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "RemoteInteractiveLogonRight och DenyRemoteInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the NetworkLogonRight and "
--#~ "DenyNetworkLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "NetworkLogonRight och DenyNetworkLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
--#~ "policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna BatchLogonRight "
--#~ "och DenyBatchLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the ServiceLogonRight and "
--#~ "DenyServiceLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "ServiceLogonRight och DenyServiceLogonRight."
--
--#~ msgid ""
--#~ "The KCM service is configured in the <quote>kcm</quote> section of the "
--#~ "sssd.conf file. Please note that currently, is it not sufficient to "
--#~ "restart the sssd-kcm service, because the sssd configuration is only "
--#~ "parsed and read to an internal configuration database by the sssd "
--#~ "service. Therefore you must restart the sssd service if you change "
--#~ "anything in the <quote>kcm</quote> section of sssd.conf. For a detailed "
--#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
--#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--#~ "manvolnum> </citerefentry> manual page."
--#~ msgstr ""
--#~ "Tjänsten KCM konfigureras i avsnittet <quote>kcm</quote> av filen sssd."
--#~ "conf file. Observera att för närvarande är det inte tillräckligt att "
--#~ "starta om tjänsten sssd-kcm, eftersom konfigurationen av sssd bara tolkas "
--#~ "och läses till en intern konfigurationsdatabas av tjänsten sssd. Därför "
--#~ "måste man starta om tjänsten sssd om man ändrar något i avsnittet "
--#~ "<quote>kcm</quote> av sssd.conf. för en detaljerad syntaxreferens, se "
--#~ "avsnittet <quote>FILFORMAT</quote> manualsidan <citerefentry> "
--#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#~ "citerefentry>."
-diff --git a/src/man/po/tg.po b/src/man/po/tg.po
-index d723e7aa1..079c73eca 100644
---- a/src/man/po/tg.po
-+++ b/src/man/po/tg.po
-@@ -5,9 +5,9 @@
- # Translators:
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:10+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
-@@ -294,9 +294,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Пешфарз: true"
-@@ -316,16 +316,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Пешфарз: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -354,7 +354,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Пешфарз: 10"
-
-@@ -652,8 +652,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -762,10 +762,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Пешфарз: 5"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1735,7 +1733,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Пешфарз: 0"
-
-@@ -1799,7 +1797,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1864,8 +1862,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5034,34 +5032,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5069,14 +5086,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5084,17 +5101,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5104,12 +5121,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5117,17 +5134,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5135,7 +5165,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5146,7 +5176,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5155,7 +5185,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5163,26 +5193,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5190,7 +5220,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5198,7 +5228,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5206,41 +5236,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5249,32 +5279,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5282,24 +5312,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5307,17 +5337,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5328,24 +5358,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5356,12 +5386,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5374,7 +5404,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5386,17 +5416,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5404,49 +5434,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Пешфарз: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5454,28 +5484,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5487,7 +5517,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5495,7 +5525,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5503,39 +5533,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5545,7 +5575,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5553,26 +5583,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5580,7 +5610,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5588,31 +5618,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5621,56 +5651,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5686,12 +5716,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Намуна:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5700,14 +5730,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5716,24 +5746,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5741,19 +5771,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5762,7 +5792,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5770,7 +5800,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5779,7 +5809,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5787,22 +5817,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5812,14 +5842,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5832,12 +5862,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5847,7 +5877,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5857,63 +5887,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5922,74 +5952,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6000,7 +6030,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6008,24 +6038,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6042,12 +6072,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6055,36 +6085,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6092,14 +6122,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6109,101 +6139,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6212,59 +6242,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6273,22 +6303,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6297,14 +6327,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "НАМУНА"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6312,7 +6342,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6325,27 +6355,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6361,13 +6391,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "ЭЗОҲҲО"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7897,7 +7927,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7912,7 +7942,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7927,12 +7957,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7953,12 +7983,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7982,17 +8012,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8000,7 +8030,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8027,7 +8057,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8040,12 +8070,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8064,60 +8094,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8231,26 +8261,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9690,9 +9720,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9702,19 +9748,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9724,12 +9770,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9737,7 +9783,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9752,7 +9798,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9761,7 +9807,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9769,7 +9815,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9779,7 +9825,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13898,10 +13944,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Пешфарз: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13917,10 +13961,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Пешфарз: 6"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-diff --git a/src/man/po/uk.po b/src/man/po/uk.po
-index 16d288464..1c706cc16 100644
---- a/src/man/po/uk.po
-+++ b/src/man/po/uk.po
-@@ -12,10 +12,10 @@
- # Yuri Chornoivan <yurchor@ukr.net>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
--"PO-Revision-Date: 2019-06-14 04:59+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
-+"PO-Revision-Date: 2019-12-03 01:50+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
- "uk/)\n"
-@@ -362,9 +362,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Типове значення: true"
-@@ -387,16 +387,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Типове значення: false"
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -429,7 +429,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Типове значення: 10"
-
-@@ -642,10 +642,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (булеве значення)"
-+msgstr "monitor_resolv_conf (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -653,6 +651,8 @@ msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
- msgstr ""
-+"Керує тим, чи SSSD має спостерігати за станом resolv.conf для визначення "
-+"моменту, коли слід оновити дані вбудованого інструмента визначення DNS."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:335
-@@ -661,20 +661,13 @@ msgstr "try_inotify (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід "
--"оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою "
--"використовується inotify. У разі неможливості використання inotify, "
-+"Типово, з метою спостереження за змінами у файлах налаштувань SSSD "
-+"намагається використати inotify. Якщо використати inotify не вдається, "
- "виконуватиметься опитування resolv.conf кожні п’ять секунд."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-@@ -794,13 +787,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -811,16 +797,20 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Будь ласка, зауважте, що якщо встановлено цей параметр, для усіх "
--"користувачів із основного домену доведеться використовувати ім’я повністю, "
--"тобто користувач@назва.домену, для входу до системи. Встановлення цього "
--"параметра змінює типове значення use_fully_qualified_names на True. Цей "
--"параметр не можна використовувати у поєднанні із значенням "
--"use_fully_qualified_names рівним False."
-+"Будь ласка, зауважте, що якщо встановлено цей параметр, для входу до системи "
-+"усім користувачам із основного домену доведеться використовувати повне ім'я "
-+"користувача — користувач@назва.домену. Встановлення цього параметра змінює "
-+"типове значення параметра use_fully_qualified_names на True. Цей параметр не "
-+"можна використовувати у поєднанні із встановленням для параметра "
-+"use_fully_qualified_names значення False. Єдиним виключенням з цього правила "
-+"є домени із <quote>id_provider=files</quote>, для яких завжди виконується "
-+"спроба встановлення поведінки, як відповідає nss_files, а отже, виведені "
-+"імена для них не будуть повними, навіть якщо використано параметр "
-+"default_domain_suffix."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -890,15 +880,13 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:483
--#, fuzzy
--#| msgid "no_ocsp"
- msgid "soft_ocsp"
--msgstr "no_ocsp"
-+msgstr "soft_ocsp"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:485 sssd.conf.5.xml:585
- msgid "(NSS Version) This option is ignored."
--msgstr ""
-+msgstr "(Версія для NSS) Цей параметр буде проігноровано."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:488
-@@ -908,11 +896,15 @@ msgid ""
- "authentication when the system is offline and the OCSP responder cannot be "
- "reached."
- msgstr ""
-+"(Версія для OpenSSL) Якщо не вдасться встановити з'єднання із відповідачем "
-+"OCSP, перевірку OCSP буде пропущено. Цим параметром слід користуватися для "
-+"того, щоб дозволити розпізнавання тоді, коли система працює автономно, отже "
-+"відповідач OCSP є недоступним."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:498
- msgid "ocsp_dgst"
--msgstr ""
-+msgstr "ocsp_dgst"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:500
-@@ -920,39 +912,41 @@ msgid ""
- "Digest (hash) function used to create the certificate ID for the OCSP "
- "request. Allowed values are:"
- msgstr ""
-+"Функція обчислення контрольної суми (хешу), яку буде використано для "
-+"створення ідентифікатора сертифіката для запиту OCSP. Можливі значення:"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:504
- msgid "sha1"
--msgstr ""
-+msgstr "sha1"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:505
- msgid "sha256"
--msgstr ""
-+msgstr "sha256"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:506
- msgid "sha384"
--msgstr ""
-+msgstr "sha384"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:507
- msgid "sha512"
--msgstr ""
-+msgstr "sha512"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Типове значення: 5"
-+msgstr "Типове значення: sha256"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
- msgid ""
- "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally."
- msgstr ""
-+"(Версія для NSS) Цей параметр буде проігноровано, оскільки у NSS завжди "
-+"використовується sha1."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:518
-@@ -1059,7 +1053,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:583
- msgid "soft_crl"
--msgstr ""
-+msgstr "soft_crl"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:588
-@@ -1069,6 +1063,10 @@ msgid ""
- "allow authentication when the system is offline and the CRL cannot be "
- "renewed."
- msgstr ""
-+"(Версія для OpenSSL) Якщо строк дії списку відкликання сертифікатів (CRL) "
-+"вичерпано, перевірки CRL для відповідних сертифікатів буде проігноровано. "
-+"Цим параметром слід користуватися для уможливлення розпізнавання у системах, "
-+"які працюють у автономному режимі, коли оновлення CRL є неможливим."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:468
-@@ -2157,7 +2155,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Типове значення: 0"
-
-@@ -2236,7 +2234,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Типове значення: none"
-
-@@ -2315,8 +2313,8 @@ msgstr ""
- "розпізнавання, типово таку сертифікацію вимкнено."
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Типове значення: False"
-@@ -2696,10 +2694,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (рядок)"
-+msgstr "ssh_use_certificate_matching_rules (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2710,6 +2706,12 @@ msgid ""
- "comma separated list of mapping and matching rule names. All other rules "
- "will be ignored."
- msgstr ""
-+"Типово, відповідач SSH буде використовувати усі доступні правила "
-+"встановлення відповідності сертифікатів для фільтрування сертифікатів, тому "
-+"ключі SSH будуть створюватися лише на основі відповідних правилам "
-+"сертифікатів. За допомогою цього параметра можна обмежити перелік "
-+"використаних правил на основі списку назв правил прив'язки і відповідності, "
-+"відокремлених комами. Усі інші правила буде проігноровано."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1763
-@@ -2717,13 +2719,14 @@ msgid ""
- "If a non-existing rule name is given all rules will be ignored and all "
- "available certificates will be used to derive ssh keys."
- msgstr ""
-+"Якщо буде вказано назву правила, якого не існує, буде проігноровано усі "
-+"правила, а для створення ключів SSH буде використано усі доступні "
-+"сертифікати."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Типове значення: не встановлено (пробіли не замінятимуться)"
-+msgstr "Типове значення: не встановлено, буде використано усі знайдені правила"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -3389,15 +3392,16 @@ msgid ""
- "user, typically ran at login) operation in the past, both the user entry "
- "and the group membership are updated."
- msgstr ""
-+"Під час фонового оновлення виконуватиметься обробка записів користувачів, "
-+"груп та мережевих груп у кеші. для записів користувачів, для яких "
-+"виконувалися дії з ініціювання груп (отримання даних щодо участі користувача "
-+"у групах, які типово виконуються під час входу до системи), буде оновлено і "
-+"запис користувача, і дані щодо участі у групах."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2263
--#, fuzzy
--#| msgid ""
--#| "This option specifies the maximum allowed number of nested containers."
- msgid "This option is automatically inherited for all trusted domains."
--msgstr ""
--"Цей параметр визначає максимальну дозволену кількість вкладених контейнерів."
-+msgstr "Цей параметр автоматично успадковується для усіх довірених доменів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2267
-@@ -4646,13 +4650,6 @@ msgstr "hybrid"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3205
--#, fuzzy
--#| msgid ""
--#| "A primary group is autogenerated for user entries whose UID and GID "
--#| "numbers have the same value and at the same time the GID number does not "
--#| "correspond to a real group object in LDAP If the values are the same, but "
--#| "the primary GID in the user entry is also used by a group object, the "
--#| "primary GID of the user resolves to that group object."
- msgid ""
- "A primary group is autogenerated for user entries whose UID and GID numbers "
- "have the same value and at the same time the GID number does not correspond "
-@@ -5410,12 +5407,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3693
--#, fuzzy
--#| msgid ""
--#| "With the growing number of authentication methods and the possibility "
--#| "that there are multiple ones for a single user the heuristic used by "
--#| "pam_sss to select the prompting might not be suitable for all use cases. "
--#| "To following options should provide a better flexibility here."
- msgid ""
- "With the growing number of authentication methods and the possibility that "
- "there are multiple ones for a single user the heuristic used by pam_sss to "
-@@ -5484,11 +5475,6 @@ msgstr "single_prompt"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3730
--#, fuzzy
--#| msgid ""
--#| "boolean value, if True there will be only a single prompt using the value "
--#| "of first_prompt where it is expected that both factor are entered as a "
--#| "single string"
- msgid ""
- "boolean value, if True there will be only a single prompt using the value of "
- "first_prompt where it is expected that both factors are entered as a single "
-@@ -5509,12 +5495,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3700
--#, fuzzy
--#| msgid ""
--#| "Each supported authentication method has it's own configuration sub-"
--#| "section under <quote>[prompting/...]</quote>. Currently there are: "
--#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#| "\"variablelist\" id=\"1\"/>"
- msgid ""
- "Each supported authentication method has its own configuration subsection "
- "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
-@@ -5527,11 +5507,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3742
--#, fuzzy
--#| msgid ""
--#| "It is possible to add a sub-section for specific PAM services like e.g. "
--#| "<quote>[prompting/password/sshd]</quote> to individual change the "
--#| "prompting for this service."
- msgid ""
- "It is possible to add a subsection for specific PAM services, e.g. "
- "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
-@@ -6341,17 +6316,38 @@ msgstr ""
- "дії TGT)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Типове значення: 900 (15 хвилин)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (ціле значення)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -6361,17 +6357,17 @@ msgstr ""
- "один запит."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Типове значення: 1000"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -6382,7 +6378,7 @@ msgstr ""
- "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -6392,7 +6388,7 @@ msgstr ""
- "підтримкою не можна скористатися."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -6403,17 +6399,17 @@ msgstr ""
- "це може призвести до відмови у виконанні запитів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Вимкнути отримання діапазону Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -6429,12 +6425,12 @@ msgstr ""
- "буде представлено як такі, у яких немає учасників."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (ціле значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -6445,19 +6441,42 @@ msgstr ""
- "параметра визначається OpenLDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Типове значення: типове для системи значення (зазвичай, визначається у ldap."
- "conf)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (ціле значення)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний "
-+"рівень захисту, потрібний для встановлення з’єднання. Значення цього "
-+"параметра визначається OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -6469,7 +6488,7 @@ msgstr ""
- "виконуватиметься окремо."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -6487,7 +6506,7 @@ msgstr ""
- "rootDSE."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -6500,7 +6519,7 @@ msgstr ""
- "OpenLDAP та Active Directory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -6511,12 +6530,12 @@ msgstr ""
- "незалежно від використання цього параметра."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -6526,7 +6545,7 @@ msgstr ""
- "таких значень:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -6535,7 +6554,7 @@ msgstr ""
- "жодних сертифікатів сервера."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6547,7 +6566,7 @@ msgstr ""
- "режимі."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6558,7 +6577,7 @@ msgstr ""
- "надано помилковий сертифікат, негайно перервати сеанс."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -6569,22 +6588,22 @@ msgstr ""
- "перервати сеанс."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Типове значення: hard"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -6593,7 +6612,7 @@ msgstr ""
- "розпізнаються <command>sssd</command>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -6602,12 +6621,12 @@ msgstr ""
- "у <filename>/etc/openldap/ldap.conf</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -6620,32 +6639,32 @@ msgstr ""
- "<command>cacertdir_rehash</command>, якщо ця програма є доступною."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Визначає файл, у якому міститься ключ клієнта."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -6657,12 +6676,12 @@ msgstr ""
- "<manvolnum>5</manvolnum></citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6671,12 +6690,12 @@ msgstr ""
- "class=\"protocol\">tls</systemitem> для захисту каналу."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6688,19 +6707,19 @@ msgstr ""
- "ldap_group_gid_number."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "У поточній версії у цій можливості передбачено підтримку лише встановлення "
- "відповідності objectSID у ActiveDirectory."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr "ldap_min_id, ldap_max_id (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6720,18 +6739,18 @@ msgstr ""
- "ідентифікаторів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- "Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
-@@ -6740,7 +6759,7 @@ msgstr ""
- "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6758,12 +6777,12 @@ msgstr ""
- "manvolnum></citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6783,7 +6802,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6804,17 +6823,17 @@ msgstr ""
- "таблиці ключів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -6826,17 +6845,17 @@ msgstr ""
- "проігноровано."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Типове значення: значення krb5_realm."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6846,36 +6865,36 @@ msgstr ""
- "SASL."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Типове значення: false;"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-"
- "SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
- "keytab</filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6886,12 +6905,12 @@ msgstr ""
- "механізм GSSAPI або GSS-SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-@@ -6899,17 +6918,17 @@ msgstr ""
- "SPNEGO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Типове значення: 86400 (24 години)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6928,7 +6947,7 @@ msgstr ""
- "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6940,7 +6959,7 @@ msgstr ""
- "вдасться знайти."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6951,30 +6970,30 @@ msgstr ""
- "варто перейти на використання «krb5_server» у файлах налаштувань."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
- "filename>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6984,12 +7003,12 @@ msgstr ""
- "версії MIT Kerberos >= 1.7"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -7004,7 +7023,7 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -7015,12 +7034,12 @@ msgstr ""
- "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -7029,7 +7048,7 @@ msgstr ""
- "використовувати такі значення:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -7038,7 +7057,7 @@ msgstr ""
- "разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -7049,7 +7068,7 @@ msgstr ""
- "manvolnum></citerefentry> для визначення того, чи чинним є пароль."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -7060,7 +7079,7 @@ msgstr ""
- "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -7070,18 +7089,18 @@ msgstr ""
- "встановленими за допомогою цього параметра."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -7090,7 +7109,7 @@ msgstr ""
- "з версією OpenLDAP 2.4.13 або новішою версією."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -7104,28 +7123,28 @@ msgstr ""
- "«false» може значно пришвидшити роботу."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Визначає назву служби, яку буде використано у разі вмикання визначення служб."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Типове значення: ldap"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -7134,17 +7153,17 @@ msgstr ""
- "уможливлює зміну паролів, у разі вмикання визначення служб."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -7153,12 +7172,12 @@ msgstr ""
- "щодо кількості днів з часу виконання дії зі зміни пароля."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -7187,12 +7206,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Приклад:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -7204,7 +7223,7 @@ msgstr ""
- " "
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -7213,7 +7232,7 @@ msgstr ""
- "employeeType встановлено у значення «admin»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -7227,17 +7246,17 @@ msgstr ""
- "таких прав не було надано, у автономному режимі їх також не буде надано."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Типове значення: порожній рядок"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -7246,7 +7265,7 @@ msgstr ""
- "керування доступом на боці клієнта."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -7257,12 +7276,12 @@ msgstr ""
- "з відповідним кодом помилки, навіть якщо вказано правильний пароль."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Можна використовувати такі значення:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -7271,7 +7290,7 @@ msgstr ""
- "визначити, чи завершено строк дії облікового запису."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -7284,7 +7303,7 @@ msgstr ""
- "Також буде перевірено, чи не вичерпано строк дії облікового запису."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -7295,7 +7314,7 @@ msgstr ""
- "ldap_ns_account_lock."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -7308,7 +7327,7 @@ msgstr ""
- "атрибутів, надати доступ."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -7319,24 +7338,24 @@ msgstr ""
- "користуватися параметром ldap_account_expire_policy."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
- "Список відокремлених комами параметрів керування доступом. Можливі значення "
- "списку:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7351,7 +7370,7 @@ msgstr ""
- "для працездатності цієї можливості слід встановити «access_provider = ldap»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
-@@ -7361,7 +7380,7 @@ msgstr ""
- "emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7384,13 +7403,13 @@ msgstr ""
- "параметра слід встановити значення «access_provider = ldap»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -7405,7 +7424,7 @@ msgstr ""
- "наприклад на ключах SSH."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -7420,7 +7439,7 @@ msgstr ""
- "негайно змінити пароль."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-@@ -7428,7 +7447,7 @@ msgstr ""
- "від SSSD не надходитиме."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
-@@ -7438,7 +7457,7 @@ msgstr ""
- "параметра «ldap_pwd_policy» відповідні правила поводження із паролями."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -7447,14 +7466,14 @@ msgstr ""
- "можливості доступу атрибут authorizedService"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
- "права доступу"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
-@@ -7463,7 +7482,7 @@ msgstr ""
- "того, чи матиме віддалений вузол доступ"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
-@@ -7473,12 +7492,12 @@ msgstr ""
- "керування доступом."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Типове значення: filter"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -7487,12 +7506,12 @@ msgstr ""
- "використано декілька разів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -7506,22 +7525,22 @@ msgstr ""
- "можна буде перевірити належним чином."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -7530,13 +7549,13 @@ msgstr ""
- "пошуку. Можливі такі варіанти:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -7546,7 +7565,7 @@ msgstr ""
- "пошуку."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -7555,7 +7574,7 @@ msgstr ""
- "під час визначення місця основного об’єкта пошуку."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -7564,7 +7583,7 @@ msgstr ""
- "час пошуку, так і під час визначення місця основного об’єкта пошуку."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -7573,12 +7592,12 @@ msgstr ""
- "сценарієм <emphasis>never</emphasis>)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -7587,7 +7606,7 @@ msgstr ""
- "серверів, у яких використовується схема RFC2307."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -7605,7 +7624,7 @@ msgstr ""
- "користувачів за допомогою виклику getpw*() або initgroups()."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -7617,12 +7636,12 @@ msgstr ""
- "групами LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr "wildcard_limit (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
-@@ -7631,26 +7650,19 @@ msgstr ""
- "пошуку з використанням символів-замінників."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- "У поточній версії пошук із використанням символів-замінників передбачено "
- "лише для відповідача InfoPipe."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr "Типове значення: 1000 (часто розмір однієї сторінки)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -7663,16 +7675,19 @@ msgstr ""
- "Всі загальні параметри налаштування, які стосуються доменів SSSD, також "
- "стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки "
- "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. "
--"<placeholder type=\"variablelist\" id=\"0\"/>"
-+"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. Зауважте, що "
-+"атрибути прив'язки до LDAP SSSD описано на сторінці підручника щодо "
-+"<citerefentry> <refentrytitle>sssd-ldap-attributes</refentrytitle> "
-+"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" "
-+"id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "ПАРАМЕТРИ SUDO"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -7683,12 +7698,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -7698,7 +7713,7 @@ msgstr ""
- "набір правил, що зберігаються на сервері."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -7707,17 +7722,17 @@ msgstr ""
- "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Типове значення: 21600 (6 годин)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -7728,7 +7743,7 @@ msgstr ""
- "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -7737,7 +7752,7 @@ msgstr ""
- "дані атрибута modifyTimestamp."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -7753,12 +7768,12 @@ msgstr ""
- "emphasis>)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -7768,12 +7783,12 @@ msgstr ""
- "назв вузлів)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7782,7 +7797,7 @@ msgstr ""
- "фільтрування списку правил."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7791,8 +7806,8 @@ msgstr ""
- "назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7801,17 +7816,17 @@ msgstr ""
- "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Типове значення: не вказано"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7820,7 +7835,7 @@ msgstr ""
- "правил."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7829,12 +7844,12 @@ msgstr ""
- "адресу у автоматичному режимі."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7843,12 +7858,12 @@ msgstr ""
- "мережеву групу (netgroup) у атрибуті sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7857,7 +7872,7 @@ msgstr ""
- "заміни у атрибуті sudoHost."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
-@@ -7866,7 +7881,7 @@ msgstr ""
- "для сервера LDAP!"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7879,12 +7894,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "ПАРАМЕТРИ AUTOFS"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
-@@ -7893,47 +7908,47 @@ msgstr ""
- "LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Назва основної карти автоматичного монтування у LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Типове значення: auto.master"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7946,22 +7961,22 @@ msgstr ""
- "груп показуються неправильно."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7974,14 +7989,14 @@ msgstr ""
- "<placeholder type=\"variablelist\" id=\"1\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "ПРИКЛАД"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7992,7 +8007,7 @@ msgstr ""
- "<replaceable>[domains]</replaceable>."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -8012,20 +8027,20 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
-@@ -8034,7 +8049,7 @@ msgstr ""
- "чином і використано ldap_access_order=lockout."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -8060,13 +8075,13 @@ msgstr ""
- "cache_credentials = true\n"
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "ЗАУВАЖЕННЯ"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -10001,7 +10016,7 @@ msgstr ""
- "цього вузла. Назву вузла слід вказувати повністю."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (булеве значення)"
-
-@@ -10021,7 +10036,7 @@ msgstr ""
- "допомогою параметра «dyndns_iface»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -10042,12 +10057,12 @@ msgstr ""
- "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -10074,12 +10089,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Типове значення: 1200 (секунд)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -10112,17 +10127,17 @@ msgstr ""
- "для з’єднання LDAP IPA"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr "dyndns_auth (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -10133,7 +10148,7 @@ msgstr ""
- "можна надсилати встановленням для цього параметра значення «none»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr "Типове значення: GSS-TSIG"
-
-@@ -10168,7 +10183,7 @@ msgstr ""
- "вважатимуться резервними серверами."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (ціле число)"
-
-@@ -10185,12 +10200,12 @@ msgstr ""
- "є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -10214,12 +10229,12 @@ msgid "Default: False (disabled)"
- msgstr "Типове значення: False (вимкнено)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -10228,17 +10243,17 @@ msgstr ""
- "даними з сервером DNS."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr "dyndns_server (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
-@@ -10248,7 +10263,7 @@ msgstr ""
- "параметра."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
-@@ -10257,7 +10272,7 @@ msgstr ""
- "DNS відрізняється від сервера профілів."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
-@@ -10267,17 +10282,17 @@ msgstr ""
- "невдало."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr "dyndns_update_per_family (булеве значення)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -10410,12 +10425,12 @@ msgstr ""
- "перетворено у основний DN для виконання дій LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
-@@ -10424,7 +10439,7 @@ msgstr ""
- "налаштувань Kerberos."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
-@@ -10433,7 +10448,7 @@ msgstr ""
- "значення «none»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -11500,11 +11515,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:359
--#, fuzzy
--#| msgid ""
--#| "GPO-based access control functionality uses GPO policy settings to "
--#| "determine whether or not a particular user is allowed to logon to a "
--#| "particular host."
- msgid ""
- "GPO-based access control functionality uses GPO policy settings to determine "
- "whether or not a particular user is allowed to logon to the host. For more "
-@@ -11513,7 +11523,9 @@ msgid ""
- msgstr ""
- "Функціональні можливості з керування доступом на основі GPO використовують "
- "параметри правил GPO для визначення того, може чи не може той чи інший "
--"користувач увійти до системи певного вузла мережі."
-+"користувач увійти до системи вузла мережі. Якщо вам потрібна докладніша "
-+"інформація щодо підтримуваних параметрів правил, зверніться до параметрів "
-+"<quote>ad_gpo_map</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:367
-@@ -11523,6 +11535,11 @@ msgid ""
- "S-1-5-32-544) in GPO access control rules will be ignored by SSSD. See "
- "upstream issue tracker https://pagure.io/SSSD/sssd/issue/4099 ."
- msgstr ""
-+"Будь ласка, зверніть увагу на те, що у поточній версії SSSD не передбачено "
-+"підтримки вбудованих груп Active Directory. Вбудовані групи до правил "
-+"керування доступом на основі GPO (зокрема Administrators із SID "
-+"S-1-5-32-544) SSSD просто ігноруватиме. Див. запис системи стеження за "
-+"вадами https://pagure.io/SSSD/sssd/issue/4099 ."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:376
-@@ -11533,6 +11550,11 @@ msgid ""
- "a user, the user or at least one of the groups to which it belongs must have "
- "following permissions on the GPO:"
- msgstr ""
-+"Перед виконанням керування доступом SSSD застосовує захисне фільтрування на "
-+"основі правил груп до списку GPO. Для кожного входу користувача до системи "
-+"програма перевіряє застосовність GPO, які пов'язано із відповідним вузлом. "
-+"Щоб GPO можна було застосувати до користувача, користувач або принаймні одна "
-+"з груп, до яких він належить, повинен мати такі права доступу до GPO:"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd-ad.5.xml:386
-@@ -11540,6 +11562,8 @@ msgid ""
- "Read: The user or one of its groups must have read access to the properties "
- "of the GPO (RIGHT_DS_READ_PROPERTY)"
- msgstr ""
-+"Read: користувач або одна з його груп повинна мати доступ до читання "
-+"властивостей GPO (RIGHT_DS_READ_PROPERTY)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd-ad.5.xml:393
-@@ -11547,6 +11571,8 @@ msgid ""
- "Apply Group Policy: The user or at least one of its groups must be allowed "
- "to apply the GPO (RIGHT_DS_CONTROL_ACCESS)."
- msgstr ""
-+"Apply Group Policy: користувач або принаймні одна з його груп повинна мати "
-+"доступ до застосування GPO (RIGHT_DS_CONTROL_ACCESS)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:401
-@@ -11557,6 +11583,11 @@ msgid ""
- "and access control are started, the Authenticated Users group permissions on "
- "the GPO always apply also to the user."
- msgstr ""
-+"Типово, у GPO є група Authenticated Users, для якої встановлено одразу права "
-+"доступу Read та Apply Group Policy. Оскільки розпізнавання користувача має "
-+"бути успішно завершено до захисного фільтрування GPO і запуску керування "
-+"доступом, до облікового запису користувача завжди застосовуються права "
-+"доступу групи Authenticated Users щодо GPO."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:410
-@@ -11572,16 +11603,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:417
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the operation mode is set to enforcing, it is possible that "
--#| "users that were previously allowed logon access will now be denied logon "
--#| "access (as dictated by the GPO policy settings). In order to facilitate a "
--#| "smooth transition for administrators, a permissive mode is available that "
--#| "will not enforce the access control rules, but will evaluate them and "
--#| "will output a syslog message if access would have been denied. By "
--#| "examining the logs, administrators can then make the necessary changes "
--#| "before setting the mode to enforcing."
- msgid ""
- "NOTE: If the operation mode is set to enforcing, it is possible that users "
- "that were previously allowed logon access will now be denied logon access "
-@@ -11603,7 +11624,10 @@ msgstr ""
- "відповідність цим правилам і виводитиме до системного журналу повідомлення, "
- "якщо доступ було надано усупереч цим правилам. Вивчення журналу надасть "
- "змогу адміністраторам внести відповідні зміни до встановлення примусового "
--"режиму (enforcing)."
-+"режиму (enforcing). Для запису до журналу даних керування доступом на основі "
-+"GPO потрібен рівень діагностики «trace functions» (див. сторінку підручника "
-+"<citerefentry> <refentrytitle>sssctl</refentrytitle> <manvolnum>8</"
-+"manvolnum> </citerefentry>)."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:436
-@@ -11728,6 +11752,19 @@ msgid ""
- "local access only, if it or at least one of its groups is part of the policy "
- "settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"InteractiveLogonRight і DenyInteractiveLogonRight. Виконуватиметься оцінка "
-+"лише тих GPO, до яких користувач має права доступу Read і Apply Group Policy "
-+"(див. параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із "
-+"оброблених GPO міститься параметр заборони інтерактивного входу до системи "
-+"для користувача або однієї з його груп, користувачеві буде заборонено "
-+"локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права "
-+"на інтерактивний вхід до системи, користувачеві буде надано локальний "
-+"доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на "
-+"інтерактивний вхід до системи, користувачеві буде надано лише локальний "
-+"доступ, якщо він або принаймні одна з його груп є частиною параметрів "
-+"правила."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:549
-@@ -11818,6 +11855,19 @@ msgid ""
- "settings, the user is granted remote access only, if it or at least one of "
- "its groups is part of the policy settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"RemoteInteractiveLogonRight і DenyRemoteInteractiveLogonRight. "
-+"Виконуватиметься оцінка лише тих GPO, до яких користувач має права доступу "
-+"Read і Apply Group Policy (див. параметр <quote>ad_gpo_access_control</"
-+"quote>). Якщо у якомусь із оброблених GPO міститься параметр заборони "
-+"віддаленого входу до системи для користувача або однієї з його груп, "
-+"користувачеві буде заборонено віддалений інтерактивний доступ. Якщо для "
-+"жодного із оброблених GPO немає визначеного права на віддалений вхід до "
-+"системи, користувачеві буде надано віддалений доступ. Якщо хоча б одному зі "
-+"оброблених GPO містяться параметри прав на віддалений вхід до системи, "
-+"користувачеві буде надано лише віддалений доступ, якщо він або принаймні "
-+"одна з його груп є частиною параметрів правила."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:657
-@@ -11890,6 +11940,19 @@ msgid ""
- "logon access only, if it or at least one of its groups is part of the policy "
- "settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"NetworkLogonRight і DenyNetworkLogonRight. Виконуватиметься оцінка лише тих "
-+"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. "
-+"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених "
-+"GPO міститься параметр заборони входу до системи за допомогою мережі для "
-+"користувача або однієї з його груп, користувачеві буде заборонено локальний "
-+"доступ. Якщо для жодного із оброблених GPO немає визначеного права на вхід "
-+"до системи за допомогою мережі, користувачеві буде надано доступ до входу. "
-+"Якщо хоча б одному зі оброблених GPO містяться параметри прав на вхід до "
-+"системи за допомогою мережі, користувачеві буде надано лише доступ до входу "
-+"до системи, якщо він або принаймні одна з його груп є частиною параметрів "
-+"правила."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:715
-@@ -11961,6 +12024,19 @@ msgid ""
- "settings, the user is granted logon access only, if it or at least one of "
- "its groups is part of the policy settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"BatchLogonRight і DenyBatchLogonRight. Виконуватиметься оцінка лише тих GPO, "
-+"до яких користувач має права доступу Read і Apply Group Policy (див. "
-+"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених "
-+"GPO міститься параметр заборони пакетного входу до системи для користувача "
-+"або однієї з його груп, користувачеві буде заборонено доступ до пакетного "
-+"входу до системи. Якщо для жодного із оброблених GPO немає визначеного права "
-+"на пакетний вхід до системи, користувачеві буде надано доступ до входу до "
-+"системи. Якщо хоча б одному зі оброблених GPO містяться параметри прав на "
-+"пакетний вхід до системи, користувачеві буде надано лише доступ до входу до "
-+"системи, якщо він або принаймні одна з його груп є частиною параметрів "
-+"правила."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:773
-@@ -12033,6 +12109,19 @@ msgid ""
- "logon access only, if it or at least one of its groups is part of the policy "
- "settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"ServiceLogonRight і DenyServiceLogonRight. Виконуватиметься оцінка лише тих "
-+"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. "
-+"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених "
-+"GPO міститься параметр заборони входу до системи за допомогою служб для "
-+"користувача або однієї з його груп, користувачеві буде заборонено вхід до "
-+"системи за допомогою служб. Якщо для жодного із оброблених GPO немає "
-+"визначеного права на вхід до системи за допомогою служб, користувачеві буде "
-+"надано доступ до входу до системи. Якщо хоча б одному зі оброблених GPO "
-+"містяться параметри прав на вхід до системи за допомогою служб, "
-+"користувачеві буде надано лише доступ до входу до системи, якщо він або "
-+"принаймні одна з його груп є частиною параметрів правила."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:826
-@@ -12266,9 +12355,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)"
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (булеве значення)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -12284,12 +12391,12 @@ msgstr ""
- "якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Типове значення: 3600 (секунд)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
-@@ -12298,7 +12405,7 @@ msgstr ""
- "для з’єднання LDAP AD"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -12315,12 +12422,12 @@ msgstr ""
- "значення."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Типове значення: True"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -12331,7 +12438,7 @@ msgstr ""
- "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -12355,7 +12462,7 @@ msgstr ""
- "ad_domain = example.com\n"
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -12367,7 +12474,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -12379,7 +12486,7 @@ msgstr ""
- "\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -12394,7 +12501,7 @@ msgstr ""
- "шифрування) вручну."
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13029,10 +13136,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
-@@ -14329,11 +14432,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:518
--#, fuzzy
--#| msgid ""
--#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a "
--#| "colon. The first number represents number of primary servers used and the "
--#| "second number specifies the number of backup servers."
- msgid ""
- "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. "
- "The first number represents number of primary servers used and the second "
-@@ -14345,12 +14443,6 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
--#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. but no backup "
--#| "servers."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
-@@ -14360,7 +14452,7 @@ msgstr ""
- "Наприклад, <emphasis>10:0</emphasis> означає «буде передано до 10 основних "
- "серверів до <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>», але не буде "
--"передано резервні сервери."
-+"передано резервні сервери"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -17497,21 +17589,15 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
- #: sssd-kcm.8.xml:61
--#, fuzzy
--#| msgid ""
--#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
--#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry> secrets store, allowing the ccaches to survive KCM server "
--#| "restarts or machine reboots."
- msgid ""
- "the SSSD implementation stores the ccaches in a database, typically located "
- "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to "
- "survive KCM server restarts or machine reboots."
- msgstr ""
--"реалізація у SSSD зберігає ccache-і у сховищі реєстраційних даних "
--"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
--"manvolnum> </citerefentry> SSSD, що надає змогу ccache-ам переживати "
--"перезапуски сервера KCM та перезавантаження комп'ютера."
-+"реалізація у SSSD зберігає дані ccache у базі даних, файл якої типово "
-+"називається <replaceable>/var/lib/sss/secrets</replaceable>. За допомогою "
-+"цього файла ccache зберігаються протягом періодів перезапуску сервера KCM "
-+"або перезавантаження комп'ютера."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:67
-@@ -17698,28 +17784,24 @@ msgid ""
- "after changing options in the <quote>kcm</quote> section of sssd.conf: "
- "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-+"Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</"
-+"quote> файла sssd.conf. Будь ласка, зауважте, що оскільки активація служби "
-+"KCM, зазвичай, відбувається за допомогою сокетів, після внесення змін до "
-+"розділу <quote>kcm</quote> файла sssd.conf достатньо перезапустити службу "
-+"<quote>sssd-kcm</quote>: <placeholder type=\"programlisting\" id=\"0\"/>"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the files provider for <citerefentry> "
--#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--#| "citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
--#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"На цій сторінці довідника описано налаштування засобу обробки файлів для "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться "
--"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
-+"Налаштування служби KCM виконують за допомогою <quote>kcm</quote>. Докладний "
-+"опис синтаксичних конструкцій налаштувань наведено у розділі <quote>ФОРМАТ "
-+"ФАЙЛА</quote> сторінки підручника щодо <citerefentry> <refentrytitle>sssd."
-+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -17755,27 +17837,27 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "max_secrets (integer)"
- msgid "max_ccaches (integer)"
--msgstr "max_secrets (ціле значення)"
-+msgstr "max_ccaches (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
- msgid "How many credential caches does the KCM database allow for all users."
- msgstr ""
-+"Скільки кешів реєстраційних може мати даних база даних KCM для усіх "
-+"користувачів."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:212
- msgid "Default: 0 (unlimited, only the per-UID quota is enforced)"
- msgstr ""
-+"Типове значення: 0 (без обмежень, застосовується лише квота на кількість "
-+"кешів на UID)"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "max_uid_secrets (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "max_uid_secrets (ціле число)"
-+msgstr "max_uid_ccaches (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -17783,20 +17865,19 @@ msgid ""
- "How many credential caches does the KCM database allow per UID. This is "
- "equivalent to <quote>with how many principals you can kinit</quote>."
- msgstr ""
-+"Скільки кешів реєстраційних може мати даних база даних KCM для окремого UID. "
-+"Еквівалент значення <quote>кількість реєстраційних даних, які можна "
-+"ініціювати за допомогою kinit</quote>."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Типове значення: 6"
-+msgstr "Типове значення: 64"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "max_payload_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "max_payload_size (ціле значення)"
-+msgstr "max_ccache_size (ціле число)"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -17804,13 +17885,13 @@ msgid ""
- "How big can a credential cache be per ccache. Each service ticket accounts "
- "into this quota."
- msgstr ""
-+"Наскільки великим може бути кеш реєстраційних даних окремого ccache. Ця "
-+"квота обчислюється для усіх квитків служб разом."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Типове значення: 6"
-+msgstr "Типове значення: 65536"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -17988,13 +18069,7 @@ msgstr "Зондує функцію sdap_get_generic_ext_send()."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:152
--#, fuzzy, no-wrap
--#| msgid ""
--#| "base:string\n"
--#| "scope:integer\n"
--#| "filter:string\n"
--#| "probestr:string\n"
--#| " "
-+#, no-wrap
- msgid ""
- "base:string\n"
- "scope:integer\n"
-@@ -18006,6 +18081,7 @@ msgstr ""
- "base:рядок\n"
- "scope:ціле число\n"
- "filter:рядок\n"
-+"attrs:рядок\n"
- "probestr:рядок\n"
- " "
-
-@@ -18037,10 +18113,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:176
--#, fuzzy
--#| msgid "probe sdap_deref_send"
- msgid "probe sdap_parse_entry"
--msgstr "зонд sdap_deref_send"
-+msgstr "зонд sdap_parse_entry"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:179
-@@ -18048,27 +18122,25 @@ msgid ""
- "Probes the sdap_parse_entry() function. It is called repeatedly with every "
- "received attribute."
- msgstr ""
-+"Зондує функцію sdap_parse_entry(). Викликається повторно для кожного "
-+"отриманого атрибута."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "filter:string\n"
--#| " "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- " "
- msgstr ""
--"filter:рядок\n"
--" "
-+"attr:рядок\n"
-+"value:рядок\n"
-+" "
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
--#, fuzzy
--#| msgid "probe dp_req_done"
- msgid "probe sdap_parse_entry_done"
--msgstr "зонд dp_req_done"
-+msgstr "probe sdap_parse_entry_done"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:193
-@@ -18076,6 +18148,8 @@ msgid ""
- "Probes the sdap_parse_entry() function. It is called when parsing of "
- "received object is finished."
- msgstr ""
-+"Зондує функцію sdap_parse_entry(). Викликається після завершення обробки "
-+"отриманого об'єкта."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:201
-@@ -18319,7 +18393,7 @@ msgstr "Перетворення методу на рядок і поверне
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-systemtap.5.xml:410
- msgid "SAMPLE SYSTEMTAP SCRIPTS"
--msgstr ""
-+msgstr "ЗРАЗКИ СКРИПТІВ SYSTEMTAP"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-systemtap.5.xml:412
-@@ -18328,78 +18402,67 @@ msgid ""
- "script_name>.stp</command>), then perform an identity operation and the "
- "script will collect information from probes."
- msgstr ""
-+"Запустіть скрипт SystemTap (<command>stap /usr/share/sssd/systemtap/<"
-+"назва_скрипту>.stp</command>), потім виконайте дію із розпізнавання. "
-+"Скрипт збере дані за допомогою зондів."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-systemtap.5.xml:418
- msgid "Provided SystemTap scripts are:"
--msgstr ""
-+msgstr "Скриптами SystemTap з пакунка є:"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:422
- msgid "dp_request.stp"
--msgstr ""
-+msgstr "dp_request.stp"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:425
- msgid "Monitoring of data provider request performance."
--msgstr ""
-+msgstr "Спостереження за швидкодією обробки запитів засобом надання даних."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:430
- msgid "id_perf.stp"
--msgstr ""
-+msgstr "id_perf.stp"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:433
- msgid "Monitoring of <command>id</command> command performance."
--msgstr ""
-+msgstr "Спостереження за швидкодією виконання команди <command>id</command>."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (рядок)"
-+msgstr "ldap_perf.stp"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
- msgid "Monitoring of LDAP queries."
--msgstr ""
-+msgstr "Спостереження за запитами LDAP."
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:447
- msgid "nested_group_perf.stp"
--msgstr ""
-+msgstr "nested_group_perf.stp"
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:450
- msgid "Performance of nested groups resolving."
--msgstr ""
-+msgstr "Швидкодія визначення назв для вкладених груп."
-
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr "sssd-ldap-attributes"
-
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Модуль надання даних LDAP SSSD"
-+msgstr "Засіб надання даних LDAP SSSD: атрибути прив'язування"
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -18407,17 +18470,17 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"На цій сторінці довідника описано налаштування доменів LDAP для "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться "
--"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
-+"Цю сторінку підручника присвячено опису атрибутів прив'язування засобу "
-+"надання даних LDAP SSSD <citerefentry> <refentrytitle>sssd-ldap</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Повний опис "
-+"параметрів налаштовування засобу надання даних LDAP SSSD наведено на "
-+"сторінці підручника щодо <citerefentry> <refentrytitle>sssd-ldap</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
- msgid "USER ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ КОРИСТУВАЧА"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:42
-@@ -18529,7 +18592,7 @@ msgstr "Атрибут LDAP, що містить назву домашнього
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:129
- msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)"
--msgstr ""
-+msgstr "Типове значення: homeDirectory (LDAP та IPA), unixHomeDirectory (AD)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:135
-@@ -19066,6 +19129,10 @@ msgid ""
- "Therefore when using service-based access control, the <quote>systemd-user</"
- "quote> service might need to be added to the list of allowed services."
- msgstr ""
-+"У деяких дистрибутивах (зокрема у Fedora-29+ або RHEL-8) службу PAM "
-+"<quote>systemd-user</quote> завжди включено до процедури входу до системи. "
-+"Тому при використанні керування доступом на основі даних служб варто "
-+"додавати службу <quote>systemd-user</quote> до списку дозволених служб."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:545
-@@ -19204,7 +19271,7 @@ msgstr "Типове значення: mail"
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:644
- msgid "GROUP ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ ГРУПИ"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:648
-@@ -19292,10 +19359,8 @@ msgstr "ldap_group_modify_timestamp (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (рядок)"
-+msgstr "ldap_group_type (рядок)"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -19349,7 +19414,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:782
- msgid "NETGROUP ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ МЕРЕЖЕВОЇ ГРУПИ"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:786
-@@ -19437,7 +19502,7 @@ msgstr "ldap_netgroup_modify_timestamp (рядок)"
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:871
- msgid "HOST ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ ВУЗЛА"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:875
-@@ -19523,10 +19588,8 @@ msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта ву
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "РОЗДІЛИ СЛУЖБ"
-+msgstr "АТРИБУТИ СЛУЖБИ"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -19585,7 +19648,7 @@ msgstr "Типове значення: ipServiceProtocol"
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1026
- msgid "SUDO ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ SUDO"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:1030
-@@ -19770,10 +19833,8 @@ msgstr "Типове значення: sudoOrder"
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "ПАРАМЕТРИ AUTOFS"
-+msgstr "АТРИБУТИ AUTOFS"
-
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -20098,20 +20159,17 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout"
-+msgstr "dns_resolver_server_timeout"
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
--#, fuzzy
--#| msgid "How long would SSSD talk to a single DNS server."
- msgid ""
- "Time in milliseconds that sets how long would SSSD talk to a single DNS "
- "server before trying next one."
- msgstr ""
--"Наскільки довго SSSD обмінюватиметься інформацією із окремим сервером DNS."
-+"Час у мілісекундах, протягом якого SSSD має намагатися обмінятися даними із "
-+"окремим сервером DNS, перш ніж перейти до спроб зв'язатися із наступним."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:90
-@@ -20125,6 +20183,10 @@ msgid ""
- "(e.g. resolution of a hostname or an SRV record) before trying the next "
- "hostname or discovery domain."
- msgstr ""
-+"Час у секундах, який визначає тривалість періоду, протягом якого SSSD "
-+"намагатиметься обробити окремий запит DNS (наприклад встановити назву вузла "
-+"або запис SRV), перш ніж перейти до наступної назви вузла або наступного "
-+"домену пошуку."
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:106
-@@ -20158,13 +20220,6 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
- #: include/failover.xml:123
--#, fuzzy
--#| msgid ""
--#| "For LDAP-based providers, the resolve operation is performed as part of "
--#| "an LDAP connection operation. Therefore, also the "
--#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value "
--#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a "
--#| "larger value than <quote>dns_resolver_op_timeout</quote>."
- msgid ""
- "For LDAP-based providers, the resolve operation is performed as part of an "
- "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
-@@ -20177,7 +20232,8 @@ msgstr ""
- "частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити "
- "для часу очікування <quote>ldap_opt_timeout></quote> значення, яке "
- "перевищуватиме значення <quote>dns_resolver_timeout</quote>, яке також має "
--"перевищувати значення <quote>dns_resolver_op_timeout</quote>."
-+"перевищувати значення <quote>dns_resolver_op_timeout</quote>, яке має "
-+"перевищувати значення <quote>dns_resolver_server_timeout</quote>."
-
- #. type: Content of: <refsect1><title>
- #: include/ldap_id_mapping.xml:2
-@@ -21438,94 +21494,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier"
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr "ldap_group_external_member = ipaExternalMember"
--
--#~ msgid ""
--#~ "The background refresh will process users, groups and netgroups in the "
--#~ "cache."
--#~ msgstr ""
--#~ "Під час фонового оновлення виконуватиметься обробка записів користувачів, "
--#~ "груп та мережевих груп у кеші."
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Типове значення: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (ціле число)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the InteractiveLogonRight and "
--#~ "DenyInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO виконуватиметься на основі параметрів правил "
--#~ "InteractiveLogonRight і DenyInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the RemoteInteractiveLogonRight and "
--#~ "DenyRemoteInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту RemoteInteractiveLogonRight "
--#~ "і DenyRemoteInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the NetworkLogonRight and "
--#~ "DenyNetworkLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту NetworkLogonRight і "
--#~ "DenyNetworkLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
--#~ "policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту BatchLogonRight і "
--#~ "DenyBatchLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the ServiceLogonRight and "
--#~ "DenyServiceLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту ServiceLogonRight і "
--#~ "DenyServiceLogonRight."
--
--#~ msgid ""
--#~ "The KCM service is configured in the <quote>kcm</quote> section of the "
--#~ "sssd.conf file. Please note that currently, is it not sufficient to "
--#~ "restart the sssd-kcm service, because the sssd configuration is only "
--#~ "parsed and read to an internal configuration database by the sssd "
--#~ "service. Therefore you must restart the sssd service if you change "
--#~ "anything in the <quote>kcm</quote> section of sssd.conf. For a detailed "
--#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
--#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--#~ "manvolnum> </citerefentry> manual page."
--#~ msgstr ""
--#~ "Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</"
--#~ "quote> файла sssd.conf. Будь ласка, зауважте, що у поточній версії для "
--#~ "застосування налаштувань перезапуску служби sssd-kcm недостатньо, "
--#~ "оскільки обробка і читання налаштувань sssd до внутрішньої бази даних "
--#~ "налаштувань виконується лише самою службою sssd. Тому вам слід "
--#~ "перезапустити вашу службу sssd, якщо ви щось змінили у розділі "
--#~ "<quote>kcm</quote> файла sssd.conf. Докладний опис синтаксису файла "
--#~ "налаштувань наведено у розділі <quote>ФОРМАТ ФАЙЛА</quote> сторінки "
--#~ "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#~ "<manvolnum>5</manvolnum> </citerefentry>."
-diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
-index cca30a82f..3170fb6a2 100644
---- a/src/man/po/zh_CN.po
-+++ b/src/man/po/zh_CN.po
-@@ -6,9 +6,9 @@
- # Christopher Meng <cickumqt@gmail.com>, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:16+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
-@@ -301,9 +301,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -323,16 +323,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
-
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -361,7 +361,7 @@ msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
-
-@@ -659,8 +659,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -769,10 +769,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: sha256"
--msgstr "默认: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1742,7 +1740,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
-
-@@ -1806,7 +1804,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
-
-@@ -1871,8 +1869,8 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5041,34 +5039,53 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5076,14 +5093,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5091,17 +5108,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5111,12 +5128,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5124,17 +5141,30 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5142,7 +5172,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5153,7 +5183,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call. Different LDAP servers may implement different dereference "
-@@ -5162,7 +5192,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5170,26 +5200,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5197,7 +5227,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5205,7 +5235,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5213,41 +5243,41 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5256,32 +5286,32 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites. Typically this is a colon separated "
- "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5289,24 +5319,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5314,17 +5344,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5335,24 +5365,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5363,12 +5393,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5381,7 +5411,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5393,17 +5423,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
-@@ -5411,49 +5441,49 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT). This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5461,28 +5491,28 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5494,7 +5524,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5502,7 +5532,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5510,39 +5540,39 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5552,7 +5582,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5560,26 +5590,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5587,7 +5617,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5595,31 +5625,31 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5628,56 +5658,56 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5693,12 +5723,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5707,14 +5737,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5723,24 +5753,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5748,19 +5778,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5769,7 +5799,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5777,7 +5807,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5786,7 +5816,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5794,22 +5824,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options. Allowed values are:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5819,14 +5849,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release. </emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5839,12 +5869,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5854,7 +5884,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5864,63 +5894,63 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5929,74 +5959,74 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute. "
-@@ -6007,7 +6037,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6015,24 +6045,24 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
-
-@@ -6049,12 +6079,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6062,36 +6092,36 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6099,14 +6129,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6116,101 +6146,101 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping. For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6219,59 +6249,59 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6280,22 +6310,22 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6304,14 +6334,14 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6319,7 +6349,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6332,27 +6362,27 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6368,13 +6398,13 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7904,7 +7934,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
-
-@@ -7919,7 +7949,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7934,12 +7964,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it. If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7960,12 +7990,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7989,17 +8019,17 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8007,7 +8037,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
-
-@@ -8034,7 +8064,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
-
-@@ -8047,12 +8077,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records. Applicable only when dyndns_update is true."
-@@ -8071,60 +8101,60 @@ msgid "Default: False (disabled)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8238,26 +8268,26 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9697,9 +9727,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
-
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero) for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9709,19 +9755,19 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online. This option is "
-@@ -9731,12 +9777,12 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9744,7 +9790,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9759,7 +9805,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9768,7 +9814,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired. It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9776,7 +9822,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9786,7 +9832,7 @@ msgid ""
- msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13905,10 +13951,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "默认: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13924,10 +13968,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "默认: 3"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15430,10 +15472,8 @@ msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "服务部分"
-+msgstr ""
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
---
-2.20.1
-
diff --git a/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch b/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
new file mode 100644
index 0000000..4b519b7
--- /dev/null
+++ b/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
@@ -0,0 +1,44 @@
+From 8c642a542245a9f9fde5c2de9c96082b4c0d0963 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 11 May 2020 21:26:13 +0200
+Subject: [PATCH 17/19] ad: remove unused trust_type from ad_subdom_store()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index a9a552ff7..198f5c916 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -576,7 +576,6 @@ ad_subdom_store(struct confdb_ctx *cdb,
+ enum idmap_error_code err;
+ struct ldb_message_element *el;
+ char *sid_str = NULL;
+- uint32_t trust_type;
+ enum sss_domain_mpg_mode mpg_mode;
+ enum sss_domain_mpg_mode default_mpg_mode;
+
+@@ -586,13 +585,6 @@ ad_subdom_store(struct confdb_ctx *cdb,
+ goto done;
+ }
+
+- ret = sysdb_attrs_get_uint32_t(subdom_attrs, AD_AT_TRUST_TYPE,
+- &trust_type);
+- if (ret != EOK) {
+- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_uint32_t failed.\n");
+- goto done;
+- }
+-
+ ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_TRUST_PARTNER, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to get subdomain name\n");
+--
+2.21.3
+
diff --git a/SOURCES/0017-sbus_server-stylistic-rename.patch b/SOURCES/0017-sbus_server-stylistic-rename.patch
deleted file mode 100644
index 40d597d..0000000
--- a/SOURCES/0017-sbus_server-stylistic-rename.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From faa5dbf6f716bd4ac0a3020a28a1ee6fbf74654a Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 17:22:28 +0100
-Subject: [PATCH 17/23] sbus_server: stylistic rename
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Renamed sbus_server_name_remove_from_table() to
-sbus_server_name_remove_from_table_cb() to keep naming consistent
-with other functions used as `hash_delete_callback` argument of
-sss_ptr_hash_create()
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/sbus/server/sbus_server.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c
-index 5405dae56..2b9327051 100644
---- a/src/sbus/server/sbus_server.c
-+++ b/src/sbus/server/sbus_server.c
-@@ -584,7 +584,7 @@ sbus_server_name_lost(struct sbus_server *server,
- }
-
- static void
--sbus_server_name_remove_from_table(hash_entry_t *item,
-+sbus_server_name_remove_from_table_cb(hash_entry_t *item,
- hash_destroy_enum type,
- void *pvt)
- {
-@@ -676,7 +676,7 @@ sbus_server_create(TALLOC_CTX *mem_ctx,
- }
-
- sbus_server->names = sss_ptr_hash_create(sbus_server,
-- sbus_server_name_remove_from_table, sbus_server);
-+ sbus_server_name_remove_from_table_cb, sbus_server);
- if (sbus_server->names == NULL) {
- ret = ENOMEM;
- goto done;
---
-2.20.1
-
diff --git a/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch b/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch
new file mode 100644
index 0000000..23486f2
--- /dev/null
+++ b/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch
@@ -0,0 +1,283 @@
+From 3ae3286d61ed796f0be7a1d72157af3687bc04a5 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 21:26:16 +0200
+Subject: [PATCH 18/19] ad: add ad_check_domain_{send|recv}
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This new request tries to get the basic domain information like domain
+SID and NetBIOS domain name for a domain given by the name. To achieve
+this the needed data is added to general domain structure and the SDAP
+domain structure. If the domain data cannot be looked up the data is
+removed again.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 251 +++++++++++++++++++++++++++++++
+ 1 file changed, 251 insertions(+)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 198f5c916..299aa7391 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -2143,3 +2143,254 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
+
+ return EOK;
+ }
++
++struct ad_check_domain_state {
++ struct tevent_context *ev;
++ struct be_ctx *be_ctx;
++ struct sdap_id_op *sdap_op;
++ struct ad_id_ctx *dom_id_ctx;
++ struct sdap_options *opts;
++
++ const char *dom_name;
++ struct sss_domain_info *dom;
++ struct sss_domain_info *parent;
++ struct sdap_domain *sdom;
++
++ char *flat;
++ char *site;
++ char *forest;
++ char *sid;
++};
++
++static void ad_check_domain_connect_done(struct tevent_req *subreq);
++static void ad_check_domain_done(struct tevent_req *subreq);
++
++static int ad_check_domain_destructor(void *mem)
++{
++ struct ad_check_domain_state *state = talloc_get_type(mem,
++ struct ad_check_domain_state);
++
++ if (state->sdom != NULL) {
++ DEBUG(SSSDBG_TRACE_ALL, "Removing sdap domain [%s].\n",
++ state->dom->name);
++ sdap_domain_remove(state->opts, state->dom);
++ /* terminate all requests for this subdomain so we can free it */
++ dp_terminate_domain_requests(state->be_ctx->provider, state->dom->name);
++ talloc_zfree(state->sdom);
++ }
++
++ if (state->dom != NULL) {
++ DEBUG(SSSDBG_TRACE_ALL, "Removing domain [%s].\n", state->dom->name);
++ sss_domain_set_state(state->dom, DOM_DISABLED);
++ DLIST_REMOVE(state->be_ctx->domain->subdomains, state->dom);
++ talloc_zfree(state->dom);
++ }
++
++ return 0;
++}
++
++struct tevent_req *
++ad_check_domain_send(TALLOC_CTX *mem_ctx,
++ struct tevent_context *ev,
++ struct be_ctx *be_ctx,
++ struct ad_id_ctx *ad_id_ctx,
++ const char *dom_name,
++ const char *parent_dom_name)
++{
++ errno_t ret;
++ struct tevent_req *req;
++ struct tevent_req *subreq;
++ struct ad_check_domain_state *state;
++
++ req = tevent_req_create(mem_ctx, &state, struct ad_check_domain_state);
++ if (req == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
++ return NULL;
++ }
++
++ state->ev = ev;
++ state->be_ctx = be_ctx;
++ state->opts = ad_id_ctx->sdap_id_ctx->opts;
++ state->dom_name = dom_name;
++ state->parent = NULL;
++ state->sdom = NULL;
++
++ state->dom = find_domain_by_name(be_ctx->domain, dom_name, true);
++ if (state->dom == NULL) {
++ state->parent = find_domain_by_name(be_ctx->domain, parent_dom_name,
++ true);
++ if (state->parent == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Failed to find domain object for domain [%s].\n",
++ parent_dom_name);
++ ret = ENOENT;
++ goto immediately;
++ }
++
++ state->dom = new_subdomain(state->parent, state->parent, dom_name,
++ dom_name, NULL, NULL, MPG_DISABLED, false,
++ state->parent->forest,
++ NULL, 0, be_ctx->cdb, true);
++ if (state->dom == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "new_subdomain() failed.\n");
++ ret = EINVAL;
++ goto immediately;
++ }
++
++ talloc_set_destructor((TALLOC_CTX *) state, ad_check_domain_destructor);
++
++ DLIST_ADD_END(state->parent->subdomains, state->dom,
++ struct sss_domain_info *);
++
++ ret = sdap_domain_add(state->opts, state->dom, &state->sdom);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "sdap_domain_subdom_add failed.\n");
++ goto immediately;
++ }
++
++ ret = ad_set_search_bases(ad_id_ctx->ad_options->id, state->sdom);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_MINOR_FAILURE, "failed to set ldap search bases for "
++ "domain '%s'. Will try to use automatically detected search "
++ "bases.", state->sdom->dom->name);
++ }
++
++ }
++
++ state->dom_id_ctx = ads_get_dom_id_ctx(be_ctx, ad_id_ctx, state->dom,
++ state->opts);
++ if (state->dom_id_ctx == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "ads_get_dom_id_ctx() failed.\n");
++ ret = EINVAL;
++ goto immediately;
++ }
++
++ state->sdap_op = sdap_id_op_create(state,
++ state->dom_id_ctx->sdap_id_ctx->conn->conn_cache);
++ if (state->sdap_op == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create() failed\n");
++ ret = ENOMEM;
++ goto immediately;
++ }
++
++ subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
++ if (subreq == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_connect_send() failed "
++ "[%d]: %s\n", ret, sss_strerror(ret));
++ goto immediately;
++ }
++
++ tevent_req_set_callback(subreq, ad_check_domain_connect_done, req);
++
++ return req;
++
++immediately:
++ if (ret == EOK) {
++ tevent_req_done(req);
++ } else {
++ tevent_req_error(req, ret);
++ }
++ tevent_req_post(req, ev);
++
++ return req;
++}
++
++static void ad_check_domain_connect_done(struct tevent_req *subreq)
++{
++ struct tevent_req *req;
++ struct ad_check_domain_state *state;
++ int ret;
++ int dp_error;
++
++ req = tevent_req_callback_data(subreq, struct tevent_req);
++ state = tevent_req_data(req, struct ad_check_domain_state);
++
++ ret = sdap_id_op_connect_recv(subreq, &dp_error);
++ talloc_zfree(subreq);
++
++ if (ret != EOK) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to connect to LDAP "
++ "[%d]: %s\n", ret, sss_strerror(ret));
++ if (dp_error == DP_ERR_OFFLINE) {
++ DEBUG(SSSDBG_MINOR_FAILURE, "No AD server is available, "
++ "cannot get the subdomain list while offline\n");
++ ret = ERR_OFFLINE;
++ }
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ subreq = ad_domain_info_send(state, state->ev,
++ state->dom_id_ctx->sdap_id_ctx->conn,
++ state->sdap_op, state->dom_name);
++
++ tevent_req_set_callback(subreq, ad_check_domain_done, req);
++
++ return;
++}
++
++static void ad_check_domain_done(struct tevent_req *subreq)
++{
++ struct tevent_req *req;
++ struct ad_check_domain_state *state;
++ errno_t ret;
++
++
++ req = tevent_req_callback_data(subreq, struct tevent_req);
++ state = tevent_req_data(req, struct ad_check_domain_state);
++
++ ret = ad_domain_info_recv(subreq, state, &state->flat, &state->sid,
++ &state->site, &state->forest);
++ talloc_zfree(subreq);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "Unable to lookup domain information "
++ "[%d]: %s\n", ret, sss_strerror(ret));
++ goto done;
++ }
++ DEBUG(SSSDBG_TRACE_ALL, "%s %s %s %s.\n", state->flat, state->sid,
++ state->site, state->forest);
++
++ /* New domain was successfully checked, remove destructor. */
++ talloc_set_destructor(state, NULL);
++
++ ret = EOK;
++
++done:
++ if (ret != EOK) {
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ tevent_req_done(req);
++}
++
++errno_t ad_check_domain_recv(TALLOC_CTX *mem_ctx,
++ struct tevent_req *req,
++ char **_flat,
++ char **_id,
++ char **_site,
++ char **_forest)
++{
++ struct ad_check_domain_state *state = tevent_req_data(req,
++ struct ad_check_domain_state);
++
++ TEVENT_REQ_RETURN_ON_ERROR(req);
++
++ if (_flat) {
++ *_flat = talloc_steal(mem_ctx, state->flat);
++ }
++
++ if (_site) {
++ *_site = talloc_steal(mem_ctx, state->site);
++ }
++
++ if (_forest) {
++ *_forest = talloc_steal(mem_ctx, state->forest);
++ }
++
++ if (_id) {
++ *_id = talloc_steal(mem_ctx, state->sid);
++ }
++
++ return EOK;
++}
+--
+2.21.3
+
diff --git a/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch b/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch
deleted file mode 100644
index 25254a6..0000000
--- a/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From adc7730a4e1b9721c93863a1b283457e9c02a3c5 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 17:55:24 +0100
-Subject: [PATCH 18/23] sss_ptr_hash: don't keep empty sss_ptr_hash_delete_data
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There is no need to allocate memory for `sss_ptr_hash_delete_data`
-if table user doesn't provide custom delete callback.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 36 ++++++++++++++++++++----------------
- 1 file changed, 20 insertions(+), 16 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index 8f9762cb9..f8addec1e 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -138,12 +138,6 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
- struct sss_ptr_hash_value *value;
- struct hash_entry_t callback_entry;
-
-- data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
-- if (data == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
-- return;
-- }
--
- value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value);
- if (value == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n");
-@@ -157,8 +151,14 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
- /* Free value, this also will disable spy */
- talloc_free(value);
-
-- /* Switch to the input value and call custom callback. */
-- if (data->callback != NULL) {
-+ if (pvt != NULL) {
-+ /* Switch to the input value and call custom callback. */
-+ data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
-+ if (data == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
-+ return;
-+ }
-+
- data->callback(&callback_entry, deltype, data->pvt);
- }
- }
-@@ -167,17 +167,19 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
- hash_delete_callback *del_cb,
- void *del_cb_pvt)
- {
-- struct sss_ptr_hash_delete_data *data;
-+ struct sss_ptr_hash_delete_data *data = NULL;
- hash_table_t *table;
- errno_t ret;
-
-- data = talloc_zero(NULL, struct sss_ptr_hash_delete_data);
-- if (data == NULL) {
-- return NULL;
-- }
-+ if (del_cb != NULL) {
-+ data = talloc_zero(NULL, struct sss_ptr_hash_delete_data);
-+ if (data == NULL) {
-+ return NULL;
-+ }
-
-- data->callback = del_cb;
-- data->pvt = del_cb_pvt;
-+ data->callback = del_cb;
-+ data->pvt = del_cb_pvt;
-+ }
-
- ret = sss_hash_create_ex(mem_ctx, 10, &table, 0, 0, 0, 0,
- sss_ptr_hash_delete_cb, data);
-@@ -188,7 +190,9 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
- return NULL;
- }
-
-- talloc_steal(table, data);
-+ if (data != NULL) {
-+ talloc_steal(table, data);
-+ }
-
- return table;
- }
---
-2.20.1
-
diff --git a/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch b/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
new file mode 100644
index 0000000..d1c4eb9
--- /dev/null
+++ b/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
@@ -0,0 +1,281 @@
+From e25e1e9228a6108d8e94f2e99f3004e6cbfc3349 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 12 May 2020 16:55:32 +0200
+Subject: [PATCH 19/19] ad: check forest root directly if not present on local
+ DC
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the information about the forest root domain cannot be read from the
+local domain-controller it is tried to read it from a DC of the forest
+root directly.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 184 +++++++++++++++++++++++++++----
+ 1 file changed, 164 insertions(+), 20 deletions(-)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 299aa7391..7c6f51db7 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -35,6 +35,10 @@
+ #include <ndr.h>
+ #include <ndr/ndr_nbt.h>
+
++/* Avoid that ldb_val is overwritten by data_blob.h */
++#undef ldb_val
++#include <ldb.h>
++
+ /* Attributes of AD trusted domains */
+ #define AD_AT_FLATNAME "flatName"
+ #define AD_AT_SID "securityIdentifier"
+@@ -1258,15 +1262,37 @@ ads_get_dom_id_ctx(struct be_ctx *be_ctx,
+
+ struct ad_get_root_domain_state {
+ struct ad_subdomains_ctx *sd_ctx;
++ struct tevent_context *ev;
+ struct be_ctx *be_ctx;
+ struct sdap_idmap_ctx *idmap_ctx;
+ struct sdap_options *opts;
++ const char *domain;
++ const char *forest;
+
++ struct sysdb_attrs **reply;
++ size_t reply_count;
+ struct ad_id_ctx *root_id_ctx;
+ struct sysdb_attrs *root_domain_attrs;
+ };
+
+ static void ad_get_root_domain_done(struct tevent_req *subreq);
++static void ad_check_root_domain_done(struct tevent_req *subreq);
++static errno_t
++ad_get_root_domain_refresh(struct ad_get_root_domain_state *state);
++
++struct tevent_req *
++ad_check_domain_send(TALLOC_CTX *mem_ctx,
++ struct tevent_context *ev,
++ struct be_ctx *be_ctx,
++ struct ad_id_ctx *ad_id_ctx,
++ const char *dom_name,
++ const char *parent_dom_name);
++errno_t ad_check_domain_recv(TALLOC_CTX *mem_ctx,
++ struct tevent_req *req,
++ char **_flat,
++ char **_id,
++ char **_site,
++ char **_forest);
+
+ static struct tevent_req *
+ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
+@@ -1305,6 +1331,9 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
+ state->opts = opts = sd_ctx->sdap_id_ctx->opts;
+ state->be_ctx = sd_ctx->be_ctx;
+ state->idmap_ctx = opts->idmap_ctx;
++ state->ev = ev;
++ state->domain = domain;
++ state->forest = forest;
+
+ filter = talloc_asprintf(state, FOREST_ROOT_FILTER_FMT, forest);
+ if (filter == NULL) {
+@@ -1340,17 +1369,14 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+ {
+ struct tevent_req *req;
+ struct ad_get_root_domain_state *state;
+- struct sysdb_attrs **reply;
+- struct sss_domain_info *root_domain;
+- size_t reply_count;
+- bool has_changes;
+ errno_t ret;
+
+ req = tevent_req_callback_data(subreq, struct tevent_req);
+ state = tevent_req_data(req, struct ad_get_root_domain_state);
+
+- ret = sdap_search_bases_return_first_recv(subreq, state, &reply_count,
+- &reply);
++ ret = sdap_search_bases_return_first_recv(subreq, state,
++ &state->reply_count,
++ &state->reply);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to lookup forest root information "
+@@ -1358,19 +1384,142 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+ goto done;
+ }
+
+- if (reply_count == 0) {
+- DEBUG(SSSDBG_OP_FAILURE, "No information provided for root domain\n");
+- ret = ENOENT;
+- goto done;
+- } else if (reply_count > 1) {
++ if (state->reply_count == 0) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "No information provided for root domain, trying directly.\n");
++ subreq = ad_check_domain_send(state, state->ev, state->be_ctx,
++ state->sd_ctx->ad_id_ctx, state->forest,
++ state->domain);
++ if (subreq == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "ad_check_domain_send() failed.\n");
++ ret = ENOMEM;
++ goto done;
++ }
++ tevent_req_set_callback(subreq, ad_check_root_domain_done, req);
++ return;
++ } else if (state->reply_count > 1) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Multiple results for root domain search, "
+ "domain list might be incomplete!\n");
+ ret = ERR_MALFORMED_ENTRY;
+ goto done;
+ }
+
++ ret = ad_get_root_domain_refresh(state);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
++ }
++
++done:
++ if (ret != EOK) {
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ tevent_req_done(req);
++}
++
++static void ad_check_root_domain_done(struct tevent_req *subreq)
++{
++ struct tevent_req *req;
++ struct ad_get_root_domain_state *state;
++ errno_t ret;
++ char *flat = NULL;
++ char *id = NULL;
++ enum idmap_error_code err;
++ struct ldb_val id_val;
++
++ req = tevent_req_callback_data(subreq, struct tevent_req);
++ state = tevent_req_data(req, struct ad_get_root_domain_state);
++
++ ret = ad_check_domain_recv(state, subreq, &flat, &id, NULL, NULL);
++ talloc_zfree(subreq);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "Unable to check forest root information "
++ "[%d]: %s\n", ret, sss_strerror(ret));
++ goto done;
++ }
++
++ if (flat == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "NetBIOS name of forest root not available.\n");
++ ret = EINVAL;
++ goto done;
++ }
++
++ if (id == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Domain SID of forest root not available.\n");
++ ret = EINVAL;
++ goto done;
++ }
++
++ state->reply = talloc_array(state, struct sysdb_attrs *, 1);
++ if (state->reply == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "talloc_array() failed.\n");
++ ret = ENOMEM;
++ goto done;
++ }
++
++ state->reply[0] = sysdb_new_attrs(state->reply);
++ if (state->reply[0] == NULL) {
++ DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs() failed.\n");
++ ret = ENOMEM;
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_string(state->reply[0], AD_AT_FLATNAME, flat);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_string(state->reply[0], AD_AT_TRUST_PARTNER,
++ state->forest);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
++ goto done;
++ }
++
++ err = sss_idmap_sid_to_bin_sid(state->idmap_ctx->map, id,
++ &id_val.data, &id_val.length);
++ if (err != IDMAP_SUCCESS) {
++ DEBUG(SSSDBG_OP_FAILURE,
++ "Could not convert SID: [%s].\n", idmap_error_string(err));
++ ret = EFAULT;
++ goto done;
++ }
++
++ ret = sysdb_attrs_add_val(state->reply[0], AD_AT_SID, &id_val);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
++ goto done;
++ }
++
++ state->reply_count = 1;
++
++ ret = ad_get_root_domain_refresh(state);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
++ }
++
++done:
++ if (ret != EOK) {
++ tevent_req_error(req, ret);
++ return;
++ }
++
++ tevent_req_done(req);
++}
++
++static errno_t
++ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
++{
++ struct sss_domain_info *root_domain;
++ bool has_changes;
++ errno_t ret;
++
+ ret = ad_subdomains_refresh(state->be_ctx, state->idmap_ctx, state->opts,
+- reply, reply_count, true,
++ state->reply, state->reply_count, true,
+ &state->sd_ctx->last_refreshed,
+ &has_changes);
+ if (ret != EOK) {
+@@ -1387,8 +1536,8 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+ }
+ }
+
+- state->root_domain_attrs = reply[0];
+- root_domain = ads_get_root_domain(state->be_ctx, reply[0]);
++ state->root_domain_attrs = state->reply[0];
++ root_domain = ads_get_root_domain(state->be_ctx, state->reply[0]);
+ if (root_domain == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Could not find the root domain\n");
+ ret = EFAULT;
+@@ -1407,12 +1556,7 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+ ret = EOK;
+
+ done:
+- if (ret != EOK) {
+- tevent_req_error(req, ret);
+- return;
+- }
+-
+- tevent_req_done(req);
++ return ret;
+ }
+
+ static errno_t ad_get_root_domain_recv(TALLOC_CTX *mem_ctx,
+--
+2.21.3
+
diff --git a/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch b/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch
deleted file mode 100644
index b56423a..0000000
--- a/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From d0eb88089b059bfe2da3bd1a3797b89d69119c29 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 19:00:27 +0100
-Subject: [PATCH 19/23] sss_ptr_hash: sss_ptr_hash_delete fix/optimization
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
- - no reason to skip hash_delete() just because sss_ptr_hash_lookup_internal()
-failed
- - avoid excessive lookup if it is not required to free payload
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index f8addec1e..7326244e6 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -331,20 +331,21 @@ void sss_ptr_hash_delete(hash_table_t *table,
- struct sss_ptr_hash_value *value;
- hash_key_t table_key;
- int hret;
-- void *ptr;
-+ void *payload;
-
- if (table == NULL || key == NULL) {
- return;
- }
-
-- value = sss_ptr_hash_lookup_internal(table, key);
-- if (value == NULL) {
-- /* Value not found. */
-- return;
-+ if (free_value) {
-+ value = sss_ptr_hash_lookup_internal(table, key);
-+ if (value == NULL) {
-+ free_value = false;
-+ } else {
-+ payload = value->ptr;
-+ }
- }
-
-- ptr = value->ptr;
--
- table_key.type = HASH_KEY_STRING;
- table_key.str = discard_const_p(char, key);
-
-@@ -357,7 +358,7 @@ void sss_ptr_hash_delete(hash_table_t *table,
-
- /* Also free the original value if requested. */
- if (free_value) {
-- talloc_free(ptr);
-+ talloc_free(payload);
- }
-
- return;
---
-2.20.1
-
diff --git a/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch b/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch
new file mode 100644
index 0000000..83826ef
--- /dev/null
+++ b/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch
@@ -0,0 +1,44 @@
+From d8d743870c459b5ff283c89d78b70d1684bd19a9 Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Wed, 13 May 2020 09:45:56 +0200
+Subject: [PATCH] man: Document invalid selinux context for homedirs
+
+The default value of fallback_homedir expands into path, that is not
+expected by selinux. Generally not only selinux might be affected by
+this default value. This PR documents the issue and recommends
+further steps.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5155
+
+Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
+---
+ src/man/include/ad_modified_defaults.xml | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
+index 91623d57a..65c9a0140 100644
+--- a/src/man/include/ad_modified_defaults.xml
++++ b/src/man/include/ad_modified_defaults.xml
+@@ -92,6 +92,18 @@
+ this fallback behavior, you can explicitly
+ set "fallback_homedir = %o".
+ </para>
++ <para>
++ Note that the system typically expects a home directory
++ in /home/%u folder. If you decide to use a different
++ directory structure, some other parts of your system may
++ need adjustments.
++ </para>
++ <para>
++ For example automated creation of home directories in
++ combination with selinux requires selinux adjustment,
++ otherwise the home directory will be created with wrong
++ selinux context.
++ </para>
+ </listitem>
+ </itemizedlist>
+ </refsect2>
+--
+2.21.3
+
diff --git a/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch b/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch
deleted file mode 100644
index b5a8ee4..0000000
--- a/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8cc2ce4e9060a71d441a377008fb2f567baa5d92 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 20:07:41 +0100
-Subject: [PATCH 20/23] sss_ptr_hash: removed redundant check
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-`sss_ptr_hash_check_type()` call would take care of this case.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index 7326244e6..bf111a613 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -268,12 +268,6 @@ sss_ptr_hash_lookup_internal(hash_table_t *table,
- return NULL;
- }
-
-- /* This may happen if we are in delete callback
-- * and we try to search the hash table. */
-- if (table_value.ptr == NULL) {
-- return NULL;
-- }
--
- if (!sss_ptr_hash_check_type(table_value.ptr, "struct sss_ptr_hash_value")) {
- return NULL;
- }
---
-2.20.1
-
diff --git a/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch b/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
new file mode 100644
index 0000000..dcfcf7e
--- /dev/null
+++ b/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
@@ -0,0 +1,37 @@
+From 26c794da31c215fef3e41429f6f13afdaf349bee Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 3 Jun 2020 20:35:04 +0200
+Subject: [PATCH 21/22] pam_sss: add SERVICE_IS_GDM_SMARTCARD
+
+Resolves: https://github.com/SSSD/sssd/issues/5190
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/sss_client/pam_sss.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index 69b440774..7e59f0487 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -71,6 +71,8 @@
+ #define DEBUG_MGS_LEN 1024
+ #define MAX_AUTHTOK_SIZE (1024*1024)
+ #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
++#define SERVICE_IS_GDM_SMARTCARD(pitem) (strcmp((pitem)->pam_service, \
++ "gdm-smartcard") == 0)
+
+ static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) {
+ va_list ap;
+@@ -2580,7 +2582,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ return PAM_AUTHINFO_UNAVAIL;
+ }
+
+- if (strcmp(pi.pam_service, "gdm-smartcard") == 0
++ if (SERVICE_IS_GDM_SMARTCARD(&pi)
+ || (flags & PAM_CLI_FLAGS_REQUIRE_CERT_AUTH)) {
+ ret = check_login_token_name(pamh, &pi, retries,
+ quiet_mode);
+--
+2.21.3
+
diff --git a/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch b/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch
deleted file mode 100644
index a9a9d8e..0000000
--- a/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4bc0c2c7833dd643fc1137daf6519670c05c3736 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 21:11:16 +0100
-Subject: [PATCH 21/23] sss_ptr_hash: fixed memory leak
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In case `override` check was failed in _sss_ptr_hash_add()
-`value` was leaking.
-Fixed to do `override` check before value allocation.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index bf111a613..114b6edeb 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -217,21 +217,21 @@ errno_t _sss_ptr_hash_add(hash_table_t *table,
- return ERR_INVALID_DATA_TYPE;
- }
-
-+ table_key.type = HASH_KEY_STRING;
-+ table_key.str = discard_const_p(char, key);
-+
-+ if (override == false && hash_has_key(table, &table_key)) {
-+ return EEXIST;
-+ }
-+
- value = sss_ptr_hash_value_create(table, key, talloc_ptr);
- if (value == NULL) {
- return ENOMEM;
- }
-
-- table_key.type = HASH_KEY_STRING;
-- table_key.str = discard_const_p(char, key);
--
- table_value.type = HASH_VALUE_PTR;
- table_value.ptr = value;
-
-- if (override == false && hash_has_key(table, &table_key)) {
-- return EEXIST;
-- }
--
- hret = hash_enter(table, &table_key, &table_value);
- if (hret != HASH_SUCCESS) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add key %s!\n", key);
---
-2.20.1
-
diff --git a/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch b/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch
new file mode 100644
index 0000000..fd8d83d
--- /dev/null
+++ b/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch
@@ -0,0 +1,80 @@
+From 3ed254765fc92e9cc9e4c35335818eaf1256e0d6 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 3 Jun 2020 20:36:54 +0200
+Subject: [PATCH 22/22] pam_sss: special handling for gdm-smartcard
+
+The gdm-smartcard service is special since it is triggered by the
+presence of a Smartcard and even in the case of an error it will
+immediately try again. To break this loop we should ask for an user
+input and asking for a PIN is most straight forward and would show the
+same behavior as pam_pkcs11.
+
+Additionally it does not make sense to fall back the a password prompt
+for gdm-smartcard so also here a PIN prompt should be shown.
+
+Resolves: https://github.com/SSSD/sssd/issues/5190
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/sss_client/pam_sss.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index 7e59f0487..093e53af5 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -1835,8 +1835,13 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi)
+ struct pam_message m[2] = { { 0 }, { 0 } };
+ struct pam_response *resp = NULL;
+ struct cert_auth_info *cai = pi->selected_cert;
++ struct cert_auth_info empty_cai = { NULL, NULL, discard_const("Smartcard"),
++ NULL, NULL, NULL, NULL, NULL };
+
+- if (cai == NULL || cai->token_name == NULL || *cai->token_name == '\0') {
++ if (cai == NULL && SERVICE_IS_GDM_SMARTCARD(pi)) {
++ cai = &empty_cai;
++ } else if (cai == NULL || cai->token_name == NULL
++ || *cai->token_name == '\0') {
+ return PAM_SYSTEM_ERR;
+ }
+
+@@ -2188,6 +2193,9 @@ static int get_authtok_for_authentication(pam_handle_t *pamh,
+ }
+ }
+ ret = prompt_sc_pin(pamh, pi);
++ } else if (SERVICE_IS_GDM_SMARTCARD(pi)) {
++ /* Use pin prompt as fallback for gdm-smartcard */
++ ret = prompt_sc_pin(pamh, pi);
+ } else {
+ ret = prompt_password(pamh, pi, _("Password: "));
+ }
+@@ -2496,7 +2504,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ {
+ int ret;
+ int pam_status;
+- struct pam_items pi;
++ struct pam_items pi = { 0 };
+ uint32_t flags = 0;
+ const int *exp_data;
+ int *pw_exp_data;
+@@ -2570,7 +2578,8 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ /*
+ * Since we are only interested in the result message
+ * and will always use password authentication
+- * as a fallback, errors can be ignored here.
++ * as a fallback (except for gdm-smartcard),
++ * errors can be ignored here.
+ */
+ }
+ }
+@@ -2588,7 +2597,6 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ quiet_mode);
+ if (ret != PAM_SUCCESS) {
+ D(("check_login_token_name failed.\n"));
+- return ret;
+ }
+ }
+
+--
+2.21.3
+
diff --git a/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch b/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch
deleted file mode 100644
index c58fbd8..0000000
--- a/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch
+++ /dev/null
@@ -1,366 +0,0 @@
-From 0bb1289252eec972ea26721a92adc7db47383f76 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 24 Jan 2020 23:57:39 +0100
-Subject: [PATCH 22/23] sss_ptr_hash: internal refactoring
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-sss_ptr_hash code was refactored:
- - got rid of a "spy" to make logic cleaner
- - table got destructor to wipe its content
- - described some usage limitation in the documentation
-
-And resolves: https://pagure.io/SSSD/sssd/issue/4135
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 183 +++++++++++++++++-----------------------
- src/util/sss_ptr_hash.h | 17 +++-
- 2 files changed, 91 insertions(+), 109 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index 114b6edeb..6409236c7 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -39,67 +39,35 @@ static bool sss_ptr_hash_check_type(void *ptr, const char *type)
- return true;
- }
-
-+static int sss_ptr_hash_table_destructor(hash_table_t *table)
-+{
-+ sss_ptr_hash_delete_all(table, false);
-+ return 0;
-+}
-+
- struct sss_ptr_hash_delete_data {
- hash_delete_callback *callback;
- void *pvt;
- };
-
- struct sss_ptr_hash_value {
-- struct sss_ptr_hash_spy *spy;
-- void *ptr;
--};
--
--struct sss_ptr_hash_spy {
-- struct sss_ptr_hash_value *value;
- hash_table_t *table;
- const char *key;
-+ void *payload;
- };
-
--static int
--sss_ptr_hash_spy_destructor(struct sss_ptr_hash_spy *spy)
--{
-- spy->value->spy = NULL;
--
-- /* This results in removing entry from hash table and freeing the value. */
-- sss_ptr_hash_delete(spy->table, spy->key, false);
--
-- return 0;
--}
--
--static struct sss_ptr_hash_spy *
--sss_ptr_hash_spy_create(TALLOC_CTX *mem_ctx,
-- hash_table_t *table,
-- const char *key,
-- struct sss_ptr_hash_value *value)
--{
-- struct sss_ptr_hash_spy *spy;
--
-- spy = talloc_zero(mem_ctx, struct sss_ptr_hash_spy);
-- if (spy == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
-- return NULL;
-- }
--
-- spy->key = talloc_strdup(spy, key);
-- if (spy->key == NULL) {
-- talloc_free(spy);
-- return NULL;
-- }
--
-- spy->table = table;
-- spy->value = value;
-- talloc_set_destructor(spy, sss_ptr_hash_spy_destructor);
--
-- return spy;
--}
--
- static int
- sss_ptr_hash_value_destructor(struct sss_ptr_hash_value *value)
- {
-- if (value->spy != NULL) {
-- /* Disable spy destructor and free it. */
-- talloc_set_destructor(value->spy, NULL);
-- talloc_zfree(value->spy);
-+ hash_key_t table_key;
-+
-+ if (value->table && value->key) {
-+ table_key.type = HASH_KEY_STRING;
-+ table_key.str = discard_const_p(char, value->key);
-+ if (hash_delete(value->table, &table_key) != HASH_SUCCESS) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "failed to delete entry with key '%s'\n", value->key);
-+ }
- }
-
- return 0;
-@@ -112,18 +80,19 @@ sss_ptr_hash_value_create(hash_table_t *table,
- {
- struct sss_ptr_hash_value *value;
-
-- value = talloc_zero(table, struct sss_ptr_hash_value);
-+ value = talloc_zero(talloc_ptr, struct sss_ptr_hash_value);
- if (value == NULL) {
- return NULL;
- }
-
-- value->spy = sss_ptr_hash_spy_create(talloc_ptr, table, key, value);
-- if (value->spy == NULL) {
-+ value->key = talloc_strdup(value, key);
-+ if (value->key == NULL) {
- talloc_free(value);
- return NULL;
- }
-
-- value->ptr = talloc_ptr;
-+ value->table = table;
-+ value->payload = talloc_ptr;
- talloc_set_destructor(value, sss_ptr_hash_value_destructor);
-
- return value;
-@@ -138,29 +107,31 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
- struct sss_ptr_hash_value *value;
- struct hash_entry_t callback_entry;
-
-+ if (pvt == NULL) {
-+ return;
-+ }
-+
- value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value);
- if (value == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n");
- return;
- }
-
-+ /* Switch to the input value and call custom callback. */
-+ data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
-+ if (data == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
-+ return;
-+ }
-+
- callback_entry.key = item->key;
- callback_entry.value.type = HASH_VALUE_PTR;
-- callback_entry.value.ptr = value->ptr;
--
-- /* Free value, this also will disable spy */
-- talloc_free(value);
--
-- if (pvt != NULL) {
-- /* Switch to the input value and call custom callback. */
-- data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
-- if (data == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
-- return;
-- }
--
-- data->callback(&callback_entry, deltype, data->pvt);
-- }
-+ callback_entry.value.ptr = value->payload;
-+ /* Even if execution is already in the context of
-+ * talloc_free(payload) -> talloc_free(value) -> ...
-+ * there still might be legitimate reasons to execute callback.
-+ */
-+ data->callback(&callback_entry, deltype, data->pvt);
- }
-
- hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-@@ -194,6 +165,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
- talloc_steal(table, data);
- }
-
-+ talloc_set_destructor(table, sss_ptr_hash_table_destructor);
-+
- return table;
- }
-
-@@ -282,15 +255,15 @@ void *_sss_ptr_hash_lookup(hash_table_t *table,
- struct sss_ptr_hash_value *value;
-
- value = sss_ptr_hash_lookup_internal(table, key);
-- if (value == NULL || value->ptr == NULL) {
-+ if (value == NULL || value->payload == NULL) {
- return NULL;
- }
-
-- if (!sss_ptr_hash_check_type(value->ptr, type)) {
-+ if (!sss_ptr_hash_check_type(value->payload, type)) {
- return NULL;
- }
-
-- return value->ptr;
-+ return value->payload;
- }
-
- void *_sss_ptr_get_value(hash_value_t *table_value,
-@@ -311,11 +284,11 @@ void *_sss_ptr_get_value(hash_value_t *table_value,
-
- value = table_value->ptr;
-
-- if (!sss_ptr_hash_check_type(value->ptr, type)) {
-+ if (!sss_ptr_hash_check_type(value->payload, type)) {
- return NULL;
- }
-
-- return value->ptr;
-+ return value->payload;
- }
-
- void sss_ptr_hash_delete(hash_table_t *table,
-@@ -323,74 +296,70 @@ void sss_ptr_hash_delete(hash_table_t *table,
- bool free_value)
- {
- struct sss_ptr_hash_value *value;
-- hash_key_t table_key;
-- int hret;
-- void *payload;
-+ void *payload = NULL;
-
- if (table == NULL || key == NULL) {
- return;
- }
-
-- if (free_value) {
-- value = sss_ptr_hash_lookup_internal(table, key);
-- if (value == NULL) {
-- free_value = false;
-- } else {
-- payload = value->ptr;
-- }
-- }
--
-- table_key.type = HASH_KEY_STRING;
-- table_key.str = discard_const_p(char, key);
--
-- /* Delete table entry. This will free value and spy in delete callback. */
-- hret = hash_delete(table, &table_key);
-- if (hret != HASH_SUCCESS && hret != HASH_ERROR_KEY_NOT_FOUND) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to remove key from table [%d]\n",
-- hret);
-+ value = sss_ptr_hash_lookup_internal(table, key);
-+ if (value == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Unable to remove key '%s' from table\n", key);
-+ return;
- }
-
-- /* Also free the original value if requested. */
- if (free_value) {
-- talloc_free(payload);
-+ payload = value->payload;
- }
-
-+ talloc_free(value); /* this will call hash_delete() in value d-tor */
-+
-+ talloc_free(payload); /* it is safe to call talloc_free(NULL) */
-+
- return;
- }
-
- void sss_ptr_hash_delete_all(hash_table_t *table,
- bool free_values)
- {
-+ hash_value_t *content;
- struct sss_ptr_hash_value *value;
-- hash_value_t *values;
-+ void *payload = NULL;
- unsigned long count;
- unsigned long i;
- int hret;
-- void *ptr;
-
- if (table == NULL) {
- return;
- }
-
-- hret = hash_values(table, &count, &values);
-+ hret = hash_values(table, &count, &content);
- if (hret != HASH_SUCCESS) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get values [%d]\n", hret);
- return;
- }
-
-- for (i = 0; i < count; i++) {
-- value = values[i].ptr;
-- ptr = value->ptr;
--
-- /* This will remove the entry from hash table and free value. */
-- talloc_free(value->spy);
--
-- if (free_values) {
-- /* Also free the original value. */
-- talloc_free(ptr);
-+ for (i = 0; i < count; ++i) {
-+ if ((content[i].type == HASH_VALUE_PTR) &&
-+ sss_ptr_hash_check_type(content[i].ptr,
-+ "struct sss_ptr_hash_value")) {
-+ value = content[i].ptr;
-+ if (free_values) {
-+ payload = value->payload;
-+ }
-+ talloc_free(value);
-+ if (free_values) {
-+ talloc_free(payload); /* it's safe to call talloc_free(NULL) */
-+ }
-+ } else {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Unexpected type of table content, skipping");
- }
- }
-
-+ talloc_free(content);
-+
- return;
- }
-
-diff --git a/src/util/sss_ptr_hash.h b/src/util/sss_ptr_hash.h
-index 56bb19a65..0889b171a 100644
---- a/src/util/sss_ptr_hash.h
-+++ b/src/util/sss_ptr_hash.h
-@@ -28,7 +28,19 @@
-
- /**
- * Create a new hash table with string key and talloc pointer value with
-- * possible delete callback.
-+ * possible custom delete callback @del_cb.
-+ * Table will have destructor setup to wipe content.
-+ * Never call hash_destroy(table) and hash_delete() explicitly but rather
-+ * use talloc_free(table) and sss_ptr_hash_delete().
-+ *
-+ * A notes about @del_cb:
-+ * - this callback must never modify hash table (i.e. add/del entries);
-+ * - this callback is triggered when value is either explicitly removed
-+ * from the table or simply freed (latter leads to removal of an entry
-+ * from the table);
-+ * - this callback is also triggered for every entry when table is freed
-+ * entirely. In this case (deltype == HASH_TABLE_DESTROY) any table
-+ * lookups / iteration are forbidden as table might be already invalidated.
- */
- hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
- hash_delete_callback *del_cb,
-@@ -41,7 +53,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
- * the value is overridden. Otherwise EEXIST error is returned.
- *
- * If talloc_ptr is freed the key and value are automatically
-- * removed from the hash table.
-+ * removed from the hash table (del_cb that was set up during
-+ * table creation is executed as a first step of this removal).
- *
- * @return EOK If the <@key, @talloc_ptr> pair was inserted.
- * @return EEXIST If @key already exists and @override is false.
---
-2.20.1
-
diff --git a/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch b/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch
deleted file mode 100644
index 1640cf7..0000000
--- a/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From 88b23bf50dd1c12413f3314639de2c3909bd9098 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 28 Jan 2020 19:26:08 +0100
-Subject: [PATCH 23/23] TESTS: added sss_ptr_hash unit test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- Makefile.am | 1 +
- src/tests/cmocka/test_sss_ptr_hash.c | 193 +++++++++++++++++++++++++++
- src/tests/cmocka/test_utils.c | 9 ++
- src/tests/cmocka/test_utils.h | 6 +
- 4 files changed, 209 insertions(+)
- create mode 100644 src/tests/cmocka/test_sss_ptr_hash.c
-
-diff --git a/Makefile.am b/Makefile.am
-index 57ba51356..c991f2aa0 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -3054,6 +3054,7 @@ test_ipa_idmap_LDADD = \
- test_utils_SOURCES = \
- src/tests/cmocka/test_utils.c \
- src/tests/cmocka/test_string_utils.c \
-+ src/tests/cmocka/test_sss_ptr_hash.c \
- src/p11_child/p11_child_common_utils.c \
- $(NULL)
- if BUILD_SSH
-diff --git a/src/tests/cmocka/test_sss_ptr_hash.c b/src/tests/cmocka/test_sss_ptr_hash.c
-new file mode 100644
-index 000000000..1458238f5
---- /dev/null
-+++ b/src/tests/cmocka/test_sss_ptr_hash.c
-@@ -0,0 +1,193 @@
-+/*
-+ Copyright (C) 2020 Red Hat
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "tests/cmocka/common_mock.h"
-+#include "util/sss_ptr_hash.h"
-+
-+static const int MAX_ENTRIES_AMOUNT = 5;
-+
-+static void populate_table(hash_table_t *table, int **payloads)
-+{
-+ char key[2] = {'z', 0};
-+
-+ for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) {
-+ payloads[i] = talloc_zero(global_talloc_context, int);
-+ assert_non_null(payloads[i]);
-+ *payloads[i] = i;
-+ key[0] = '0'+(char)i;
-+ assert_int_equal(sss_ptr_hash_add(table, key, payloads[i], int), 0);
-+ }
-+
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT);
-+}
-+
-+static void free_payload_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt)
-+{
-+ int *counter;
-+
-+ assert_non_null(item);
-+ assert_non_null(item->value.ptr);
-+ talloc_zfree(item->value.ptr);
-+
-+ assert_non_null(pvt);
-+ counter = (int *)pvt;
-+ (*counter)++;
-+}
-+
-+void test_sss_ptr_hash_with_free_cb(void **state)
-+{
-+ hash_table_t *table;
-+ int free_counter = 0;
-+ int *payloads[MAX_ENTRIES_AMOUNT];
-+
-+ table = sss_ptr_hash_create(global_talloc_context,
-+ free_payload_cb,
-+ &free_counter);
-+ assert_non_null(table);
-+
-+ populate_table(table, payloads);
-+
-+ /* check explicit removal from the hash */
-+ sss_ptr_hash_delete(table, "1", false);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+ assert_int_equal(free_counter, 1);
-+
-+ /* check implicit removal triggered by payload deletion */
-+ talloc_free(payloads[3]);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+ assert_int_equal(free_counter, 2);
-+
-+ /* try to remove non existent entry */
-+ sss_ptr_hash_delete(table, "q", false);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+ assert_int_equal(free_counter, 2);
-+
-+ /* clear all */
-+ sss_ptr_hash_delete_all(table, false);
-+ assert_int_equal((int)hash_count(table), 0);
-+ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT);
-+
-+ /* check that table is still operable */
-+ populate_table(table, payloads);
-+ sss_ptr_hash_delete(table, "2", false);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT+1);
-+
-+ talloc_free(table);
-+ assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT*2);
-+}
-+
-+struct table_wrapper
-+{
-+ hash_table_t **table;
-+};
-+
-+static void lookup_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt)
-+{
-+ hash_table_t *table;
-+ hash_key_t *keys;
-+ unsigned long count;
-+ int *value = NULL;
-+ int sum = 0;
-+
-+ assert_non_null(pvt);
-+ table = *((struct table_wrapper *)pvt)->table;
-+ assert_non_null(table);
-+
-+ if (type == HASH_TABLE_DESTROY) {
-+ /* table is being destroyed */
-+ return;
-+ }
-+
-+ assert_int_equal(hash_keys(table, &count, &keys), HASH_SUCCESS);
-+ for (unsigned int i = 0; i < count; ++i) {
-+ assert_int_equal(keys[i].type, HASH_KEY_STRING);
-+ value = sss_ptr_hash_lookup(table, keys[i].c_str, int);
-+ assert_non_null(value);
-+ sum += *value;
-+ }
-+ DEBUG(SSSDBG_TRACE_ALL, "sum of all values = %d\n", sum);
-+ talloc_free(keys);
-+}
-+
-+/* main difference with `test_sss_ptr_hash_with_free_cb()`
-+ * is that table cb here doesn't delete payload so
-+ * this is requested via `free_value(s)` arg
-+ */
-+void test_sss_ptr_hash_with_lookup_cb(void **state)
-+{
-+ hash_table_t *table;
-+ struct table_wrapper wrapper;
-+ int *payloads[MAX_ENTRIES_AMOUNT];
-+
-+ wrapper.table = &table;
-+ table = sss_ptr_hash_create(global_talloc_context,
-+ lookup_cb,
-+ &wrapper);
-+ assert_non_null(table);
-+
-+ populate_table(table, payloads);
-+
-+ /* check explicit removal from the hash */
-+ sss_ptr_hash_delete(table, "2", true);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+
-+ /* check implicit removal triggered by payload deletion */
-+ talloc_free(payloads[0]);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+
-+ /* clear all */
-+ sss_ptr_hash_delete_all(table, true);
-+ assert_int_equal((int)hash_count(table), 0);
-+ /* teardown function shall verify there are no leaks
-+ * on global_talloc_context and so that payloads[] were freed
-+ */
-+
-+ /* check that table is still operable */
-+ populate_table(table, payloads);
-+
-+ talloc_free(table);
-+ /* d-tor triggers hash_destroy() but since cb here doesn free payload
-+ * this should be done manually
-+ */
-+ for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) {
-+ talloc_free(payloads[i]);
-+ }
-+}
-+
-+/* Just smoke test to verify that absence of cb doesn't break anything */
-+void test_sss_ptr_hash_without_cb(void **state)
-+{
-+ hash_table_t *table;
-+ int *payloads[MAX_ENTRIES_AMOUNT];
-+
-+ table = sss_ptr_hash_create(global_talloc_context, NULL, NULL);
-+ assert_non_null(table);
-+
-+ populate_table(table, payloads);
-+
-+ sss_ptr_hash_delete(table, "4", true);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+
-+ talloc_free(payloads[1]);
-+ assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+
-+ sss_ptr_hash_delete_all(table, true);
-+ assert_int_equal((int)hash_count(table), 0);
-+
-+ talloc_free(table);
-+}
-diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
-index 666f32903..c5eda4dd2 100644
---- a/src/tests/cmocka/test_utils.c
-+++ b/src/tests/cmocka/test_utils.c
-@@ -2055,6 +2055,15 @@ int main(int argc, const char *argv[])
- cmocka_unit_test_setup_teardown(test_sss_get_domain_mappings_content,
- setup_dom_list_with_subdomains,
- teardown_dom_list),
-+ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_free_cb,
-+ setup_leak_tests,
-+ teardown_leak_tests),
-+ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_lookup_cb,
-+ setup_leak_tests,
-+ teardown_leak_tests),
-+ cmocka_unit_test_setup_teardown(test_sss_ptr_hash_without_cb,
-+ setup_leak_tests,
-+ teardown_leak_tests),
- };
-
- /* Set debug level to invalid value so we can decide if -d 0 was used. */
-diff --git a/src/tests/cmocka/test_utils.h b/src/tests/cmocka/test_utils.h
-index e93e0da25..44b9479f9 100644
---- a/src/tests/cmocka/test_utils.h
-+++ b/src/tests/cmocka/test_utils.h
-@@ -33,4 +33,10 @@ void test_guid_blob_to_string_buf(void **state);
- void test_get_last_x_chars(void **state);
- void test_concatenate_string_array(void **state);
-
-+/* from src/tests/cmocka/test_sss_ptr_hash.c */
-+void test_sss_ptr_hash_with_free_cb(void **state);
-+void test_sss_ptr_hash_with_lookup_cb(void **state);
-+void test_sss_ptr_hash_without_cb(void **state);
-+
-+
- #endif /* __TESTS__CMOCKA__TEST_UTILS_H__ */
---
-2.20.1
-
diff --git a/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch b/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
new file mode 100644
index 0000000..0f0b0ba
--- /dev/null
+++ b/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
@@ -0,0 +1,36 @@
+From 31e57432537b9d248839159d83cfa9049faf192b Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 19 Jun 2020 13:32:30 +0200
+Subject: [PATCH] pam_sss: make sure old certificate data is removed before
+ retry
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+To avoid that certificates will be shown in the certificate selection
+which are not available anymore they must be remove before a new request
+to look up the certificates is send to SSSD's PAM responder.
+
+Resolves: https://github.com/SSSD/sssd/issues/5190
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/sss_client/pam_sss.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index e3ad2c9b2..6a3ba2f50 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -2467,6 +2467,8 @@ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
+ && strcmp(login_token_name,
+ pi->cert_list->token_name) != 0)) {
+
++ free_cert_list(pi->cert_list);
++ pi->cert_list = NULL;
+ if (retries < 0) {
+ ret = PAM_AUTHINFO_UNAVAIL;
+ goto done;
+--
+2.21.3
+
diff --git a/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch b/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch
deleted file mode 100644
index e31740a..0000000
--- a/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 7b647338a40d701c6a5bb51c48c10a31a6b72699 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 30 Jan 2020 13:14:14 +0100
-Subject: [PATCH 24/25] p11_child: check if card is present in wait_for_card()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some implementations of C_WaitForSlotEvent() might return even if no
-card was inserted. So it has to be checked if a card is really present.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4159
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/p11_child/p11_child_openssl.c | 47 ++++++++++++++++---------------
- 1 file changed, 25 insertions(+), 22 deletions(-)
-
-diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
-index 56601b117..295715612 100644
---- a/src/p11_child/p11_child_openssl.c
-+++ b/src/p11_child/p11_child_openssl.c
-@@ -1546,35 +1546,38 @@ static errno_t wait_for_card(CK_FUNCTION_LIST *module, CK_SLOT_ID *slot_id)
- CK_RV rv;
- CK_SLOT_INFO info;
-
-- rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL);
-- if (rv != CKR_OK) {
-- if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
-+ do {
-+ rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL);
-+ if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) {
- DEBUG(SSSDBG_OP_FAILURE,
- "C_WaitForSlotEvent failed [%lu][%s].\n",
- rv, p11_kit_strerror(rv));
- return EIO;
- }
-
-- /* Poor man's wait */
-- do {
-+ if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
-+ /* Poor man's wait */
- sleep(10);
-- rv = module->C_GetSlotInfo(*slot_id, &info);
-- if (rv != CKR_OK) {
-- DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n");
-- return EIO;
-- }
-- DEBUG(SSSDBG_TRACE_ALL,
-- "Description [%s] Manufacturer [%s] flags [%lu] "
-- "removable [%s] token present [%s].\n",
-- info.slotDescription, info.manufacturerID, info.flags,
-- (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false",
-- (info.flags & CKF_TOKEN_PRESENT) ? "true": "false");
-- if ((info.flags & CKF_REMOVABLE_DEVICE)
-- && (info.flags & CKF_TOKEN_PRESENT)) {
-- break;
-- }
-- } while (true);
-- }
-+ }
-+
-+ rv = module->C_GetSlotInfo(*slot_id, &info);
-+ if (rv != CKR_OK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n");
-+ return EIO;
-+ }
-+ DEBUG(SSSDBG_TRACE_ALL,
-+ "Description [%s] Manufacturer [%s] flags [%lu] "
-+ "removable [%s] token present [%s].\n",
-+ info.slotDescription, info.manufacturerID, info.flags,
-+ (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false",
-+ (info.flags & CKF_TOKEN_PRESENT) ? "true": "false");
-+
-+ /* Check if really a token is present */
-+ if ((info.flags & CKF_REMOVABLE_DEVICE)
-+ && (info.flags & CKF_TOKEN_PRESENT)) {
-+ break;
-+ }
-+ } while (true);
-
- return EOK;
- }
---
-2.20.1
-
diff --git a/SOURCES/0024-systemtap-Missing-a-comma.patch b/SOURCES/0024-systemtap-Missing-a-comma.patch
new file mode 100644
index 0000000..b747c2a
--- /dev/null
+++ b/SOURCES/0024-systemtap-Missing-a-comma.patch
@@ -0,0 +1,34 @@
+From 66029529fa0f0e2d16999f22294822deeec5f60b Mon Sep 17 00:00:00 2001
+From: Alejandro Visiedo <avisiedo@redhat.com>
+Date: Thu, 11 Jun 2020 00:36:04 +0200
+Subject: [PATCH] systemtap: Missing a comma
+
+sssd_functions.stp was missing a comma.
+
+Thanks to William Cohen for reporting the issue and the patch to fix it.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1840194
+
+Resolves: https://github.com/SSSD/sssd/issues/5201
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/systemtap/sssd_functions.stp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemtap/sssd_functions.stp b/src/systemtap/sssd_functions.stp
+index 1eb140ccf..01f553177 100644
+--- a/src/systemtap/sssd_functions.stp
++++ b/src/systemtap/sssd_functions.stp
+@@ -7,7 +7,7 @@ global TARGET_ID=0, TARGET_AUTH=1, TARGET_ACCESS=2, TARGET_CHPASS=3,
+ global METHOD_CHECK_ONLINE=0, METHOD_ACCOUNT_HANDLER=1, METHOD_AUTH_HANDLER=2,
+ METHOD_ACCESS_HANDLER=3, METHOD_SELINUX_HANDLER=4, METHOD_SUDO_HANDLER=5,
+ METHOD_AUTOFS_HANDLER=6, METHOD_HOSTID_HANDLER=7, METHOD_DOMAINS_HANDLER=8,
+- METHOD_RESOLVER_HANDLER=9 METHOD_SENTINEL=10
++ METHOD_RESOLVER_HANDLER=9, METHOD_SENTINEL=10
+
+ function acct_req_desc(entry_type)
+ {
+--
+2.21.3
+
diff --git a/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch b/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch
deleted file mode 100644
index 0127ff5..0000000
--- a/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 37780b895199bab991edae6b1eeb91b7b3966bcf Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 6 Feb 2020 14:50:23 +0100
-Subject: [PATCH 25/25] PAM client: only require UID 0 for private socket
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some privileged services like e.g. gdm might only call with UID 0 but
-with a different GID. This patch removes the GID 0 requirement to access
-to private PAM socket so that e.g. gdm can use the wait-for-card option.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4159
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/sss_client/common.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sss_client/common.c b/src/sss_client/common.c
-index 270ca8b54..902438c86 100644
---- a/src/sss_client/common.c
-+++ b/src/sss_client/common.c
-@@ -910,8 +910,8 @@ int sss_pam_make_request(enum sss_cli_command cmd,
- goto out;
- }
-
-- /* only root shall use the privileged pipe */
-- if (getuid() == 0 && getgid() == 0) {
-+ /* only UID 0 shall use the privileged pipe */
-+ if (getuid() == 0) {
- socket_name = SSS_PAM_PRIV_SOCKET_NAME;
- errno = 0;
- statret = stat(socket_name, &stat_buf);
---
-2.20.1
-
diff --git a/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch b/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
new file mode 100644
index 0000000..2b71ccd
--- /dev/null
+++ b/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
@@ -0,0 +1,94 @@
+From ffb9ad1331ac5f5d9bf237666aff19f1def77871 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 26 Jun 2020 12:07:48 +0200
+Subject: [PATCH] proxy: use 'x' as default pwfield only for sssd-shadowutils
+ target
+
+To avoid regression for case where files is used for proxy but authentication
+is handled by other module then pam_unix. E.g. auth_provider = krb
+
+This provides different solution to the ticket and improves the documentation.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5129
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/confdb/confdb.c | 25 ++++++++++++++++++++-----
+ src/man/sssd.conf.5.xml | 12 +++++++++---
+ 2 files changed, 29 insertions(+), 8 deletions(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index 65ad18dcf..c2daa9a2c 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -872,7 +872,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+ struct sss_domain_info *domain;
+ struct ldb_result *res;
+ TALLOC_CTX *tmp_ctx;
+- const char *tmp;
++ const char *tmp, *tmp_pam_target, *tmp_auth;
+ int ret, val;
+ uint32_t entry_cache_timeout;
+ char *default_domain;
+@@ -1030,13 +1030,28 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+ }
+
+ if (domain->provider != NULL && strcasecmp(domain->provider, "proxy") == 0) {
+- /* The password field must be reported as 'x' for proxy provider
+- * using files library, else pam_unix won't
+- * authenticate this entry. */
++ /* The password field must be reported as 'x' for proxy provider
++ * using files library, else pam_unix won't authenticate this entry.
++ * We set this only for sssd-shadowutils target which can be used
++ * to authenticate with pam_unix only. Otherwise we let administrator
++ * to overwrite default * value with pwfield option to avoid regression
++ * on more common use case where remote authentication is required. */
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+ CONFDB_PROXY_LIBNAME,
+ NULL);
+- if (tmp != NULL && strcasecmp(tmp, "files") == 0) {
++
++ tmp_auth = ldb_msg_find_attr_as_string(res->msgs[0],
++ CONFDB_DOMAIN_AUTH_PROVIDER,
++ NULL);
++
++ tmp_pam_target = ldb_msg_find_attr_as_string(res->msgs[0],
++ CONFDB_PROXY_PAM_TARGET,
++ NULL);
++
++ if (tmp != NULL && tmp_pam_target != NULL
++ && strcasecmp(tmp, "files") == 0
++ && (tmp_auth == NULL || strcasecmp(tmp_auth, "proxy") == 0)
++ && strcmp(tmp_pam_target, "sssd-shadowutils") == 0) {
+ domain->pwfield = "x";
+ }
+ }
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index cae24bb63..44b3b8f20 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -1135,11 +1135,17 @@ fallback_homedir = /home/%u
+ <quote>password</quote> field.
+ </para>
+ <para>
+- This option can also be set per-domain.
++ Default: <quote>*</quote>
+ </para>
+ <para>
+- Default: <quote>*</quote> (remote domains)
+- or <quote>x</quote> (the files domain)
++ Note: This option can also be set per-domain which
++ overwrites the value in [nss] section.
++ </para>
++ <para>
++ Default: <quote>not set</quote> (remote domains),
++ <quote>x</quote> (the files domain),
++ <quote>x</quote> (proxy domain with nss_files
++ and sssd-shadowutils target)
+ </para>
+ </listitem>
+ </varlistentry>
+--
+2.21.3
+
diff --git a/SOURCES/0026-files-allow-root-membership.patch b/SOURCES/0026-files-allow-root-membership.patch
new file mode 100644
index 0000000..9356e0b
--- /dev/null
+++ b/SOURCES/0026-files-allow-root-membership.patch
@@ -0,0 +1,291 @@
+From 8969c43dc2d8d0800c2f0b509d078378db855622 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Tue, 23 Jun 2020 12:05:08 +0200
+Subject: [PATCH] files: allow root membership
+
+There are two use cases that do not work with files provider:
+
+1. User has primary GID 0:
+
+This is fine by itself since SSSD does not store this user in cache and it is
+handled only by `nss_files` so the user (`tuser`) is returned correctly. The
+problem is when you try to resolve group that the user is member of. In this
+case that the membership is missing the group (but only if the user was
+previously resolved and thus stored in negative cache).
+
+```
+tuser:x:1001:0::/home/tuser:/bin/bash
+tuser:x:1001:tuser
+
+// tuser@files is ghost member of the group so it is returned because it is not in negative cache
+$ getent group tuser
+tuser:x:1001:tuser
+
+// expire memcache
+// tuser@files is ghost member but not returned because it is in negative cache
+$ id tuser // returned from nss_files
+uid=1001(tuser) gid=0(root) groups=0(root),1001(tuser)
+[pbrezina /dev/shm/sssd]$ getent group tuser
+tuser:x:1001:
+```
+
+**2. root is member of other group**
+
+The root member is missing from the membership since it was filtered out by
+negative cache.
+
+```
+tuser:x:1001:root
+
+$ id root
+uid=0(root) gid=0(root) groups=0(root),1001(tuser)
+[pbrezina /dev/shm/sssd]$ getent group tuser
+tuser:x:1001:
+```
+
+In files provider, only the users that we do not want to managed are stored
+as ghost member, therefore we can let nss_files handle group that has ghost
+members.
+
+Tests are changed as well to work with this behavior. Users are added when
+required and ghost are expected to return ENOENT.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5170
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nss_protocol_grent.c | 18 +++++++
+ src/tests/intg/files_ops.py | 13 +++++
+ src/tests/intg/test_files_provider.py | 73 ++++++++++++++++----------
+ 3 files changed, 77 insertions(+), 27 deletions(-)
+
+diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
+index 9c443d0e7..6d8e71083 100644
+--- a/src/responder/nss/nss_protocol_grent.c
++++ b/src/responder/nss/nss_protocol_grent.c
+@@ -141,6 +141,24 @@ nss_protocol_fill_members(struct sss_packet *packet,
+ members[0] = nss_get_group_members(domain, msg);
+ members[1] = nss_get_group_ghosts(domain, msg, group_name);
+
++ if (is_files_provider(domain) && members[1] != NULL) {
++ /* If there is a ghost member in files provider it means that we
++ * did not store the user on purpose (e.g. it has uid or gid 0).
++ * Therefore nss_files does handle the user and therefore we
++ * must let nss_files to also handle this group in order to
++ * provide correct membership. */
++ DEBUG(SSSDBG_TRACE_FUNC,
++ "Unknown members found. nss_files will handle it.\n");
++
++ ret = sss_ncache_set_group(rctx->ncache, false, domain, group_name);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_OP_FAILURE, "sss_ncache_set_group failed.\n");
++ }
++
++ ret = ENOENT;
++ goto done;
++ }
++
+ sss_packet_get_body(packet, &body, &body_len);
+
+ num_members = 0;
+diff --git a/src/tests/intg/files_ops.py b/src/tests/intg/files_ops.py
+index c1c4465e7..57959f501 100644
+--- a/src/tests/intg/files_ops.py
++++ b/src/tests/intg/files_ops.py
+@@ -103,6 +103,13 @@ class FilesOps(object):
+
+ contents = self._read_contents()
+
++ def _has_line(self, key):
++ try:
++ self._get_named_line(key, self._read_contents())
++ return True
++ except KeyError:
++ return False
++
+
+ class PasswdOps(FilesOps):
+ """
+@@ -132,6 +139,9 @@ class PasswdOps(FilesOps):
+ def userdel(self, name):
+ self._del_line(name)
+
++ def userexist(self, name):
++ return self._has_line(name)
++
+
+ class GroupOps(FilesOps):
+ """
+@@ -158,3 +168,6 @@ class GroupOps(FilesOps):
+
+ def groupdel(self, name):
+ self._del_line(name)
++
++ def groupexist(self, name):
++ return self._has_line(name)
+diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
+index 023333020..90be198c3 100644
+--- a/src/tests/intg/test_files_provider.py
++++ b/src/tests/intg/test_files_provider.py
+@@ -60,11 +60,13 @@ OV_USER1 = dict(name='ov_user1', passwd='x', uid=10010, gid=20010,
+ dir='/home/ov/user1',
+ shell='/bin/ov_user1_shell')
+
+-ALT_USER1 = dict(name='altuser1', passwd='x', uid=60001, gid=70001,
++ALT_USER1 = dict(name='alt_user1', passwd='x', uid=60001, gid=70001,
+ gecos='User for tests from alt files',
+ dir='/home/altuser1',
+ shell='/bin/bash')
+
++ALL_USERS = [CANARY, USER1, USER2, OV_USER1, ALT_USER1]
++
+ CANARY_GR = dict(name='canary',
+ gid=300001,
+ mem=[])
+@@ -365,21 +367,34 @@ def setup_pw_with_canary(passwd_ops_setup):
+ return setup_pw_with_list(passwd_ops_setup, [CANARY])
+
+
+-def setup_gr_with_list(grp_ops, group_list):
++def add_group_members(pwd_ops, group):
++ members = {x['name']: x for x in ALL_USERS}
++ for member in group['mem']:
++ if pwd_ops.userexist(member):
++ continue
++
++ pwd_ops.useradd(**members[member])
++
++
++def setup_gr_with_list(pwd_ops, grp_ops, group_list):
+ for group in group_list:
++ add_group_members(pwd_ops, group)
+ grp_ops.groupadd(**group)
++
+ ent.assert_group_by_name(CANARY_GR['name'], CANARY_GR)
+ return grp_ops
+
+
+ @pytest.fixture
+-def add_group_with_canary(group_ops_setup):
+- return setup_gr_with_list(group_ops_setup, [GROUP1, CANARY_GR])
++def add_group_with_canary(passwd_ops_setup, group_ops_setup):
++ return setup_gr_with_list(
++ passwd_ops_setup, group_ops_setup, [GROUP1, CANARY_GR]
++ )
+
+
+ @pytest.fixture
+-def setup_gr_with_canary(group_ops_setup):
+- return setup_gr_with_list(group_ops_setup, [CANARY_GR])
++def setup_gr_with_canary(passwd_ops_setup, group_ops_setup):
++ return setup_gr_with_list(passwd_ops_setup, group_ops_setup, [CANARY_GR])
+
+
+ def poll_canary(fn, name, threshold=20):
+@@ -766,7 +781,9 @@ def test_gid_zero_does_not_resolve(files_domain_only):
+ assert res == NssReturnCode.NOTFOUND
+
+
+-def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
++def test_add_remove_add_file_group(
++ setup_pw_with_canary, setup_gr_with_canary, files_domain_only
++):
+ """
+ Test that removing a group is detected and the group
+ is removed from the sssd database. Similarly, an add
+@@ -776,6 +793,7 @@ def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
+ res, group = call_sssd_getgrnam(GROUP1["name"])
+ assert res == NssReturnCode.NOTFOUND
+
++ add_group_members(setup_pw_with_canary, GROUP1)
+ setup_gr_with_canary.groupadd(**GROUP1)
+ check_group(GROUP1)
+
+@@ -817,8 +835,10 @@ def test_mod_group_gid(add_group_with_canary, files_domain_only):
+
+
+ @pytest.fixture
+-def add_group_nomem_with_canary(group_ops_setup):
+- return setup_gr_with_list(group_ops_setup, [GROUP_NOMEM, CANARY_GR])
++def add_group_nomem_with_canary(passwd_ops_setup, group_ops_setup):
++ return setup_gr_with_list(
++ passwd_ops_setup, group_ops_setup, [GROUP_NOMEM, CANARY_GR]
++ )
+
+
+ def test_getgrnam_no_members(add_group_nomem_with_canary, files_domain_only):
+@@ -911,16 +931,19 @@ def test_getgrnam_ghost(setup_pw_with_canary,
+ setup_gr_with_canary,
+ files_domain_only):
+ """
+- Test that a group with members while the members are not present
+- are added as ghosts. This is also what nss_files does, getgrnam would
+- return group members that do not exist as well.
++ Test that group if not found (and will be handled by nss_files) if there
++ are any ghost members.
+ """
+ user_and_group_setup(setup_pw_with_canary,
+ setup_gr_with_canary,
+ [],
+ [GROUP12],
+ False)
+- check_group(GROUP12)
++
++ time.sleep(1)
++ res, group = call_sssd_getgrnam(GROUP12["name"])
++ assert res == NssReturnCode.NOTFOUND
++
+ for member in GROUP12['mem']:
+ res, _ = call_sssd_getpwnam(member)
+ assert res == NssReturnCode.NOTFOUND
+@@ -932,7 +955,10 @@ def ghost_and_member_test(pw_ops, grp_ops, reverse):
+ [USER1],
+ [GROUP12],
+ reverse)
+- check_group(GROUP12)
++
++ time.sleep(1)
++ res, group = call_sssd_getgrnam(GROUP12["name"])
++ assert res == NssReturnCode.NOTFOUND
+
+ # We checked that the group added has the same members as group12,
+ # so both user1 and user2. Now check that user1 is a member of
+@@ -1027,28 +1053,21 @@ def test_getgrnam_add_remove_ghosts(setup_pw_with_canary,
+ modgroup = dict(GROUP_NOMEM)
+ modgroup['mem'] = ['user1', 'user2']
+ add_group_nomem_with_canary.groupmod(old_name=modgroup['name'], **modgroup)
+- check_group(modgroup)
++ time.sleep(1)
++ res, group = call_sssd_getgrnam(modgroup['name'])
++ assert res == sssd_id.NssReturnCode.NOTFOUND
+
+ modgroup['mem'] = ['user2']
+ add_group_nomem_with_canary.groupmod(old_name=modgroup['name'], **modgroup)
+- check_group(modgroup)
++ time.sleep(1)
++ res, group = call_sssd_getgrnam(modgroup['name'])
++ assert res == sssd_id.NssReturnCode.NOTFOUND
+
+ res, _ = call_sssd_getpwnam('user1')
+ assert res == NssReturnCode.NOTFOUND
+ res, _ = call_sssd_getpwnam('user2')
+ assert res == NssReturnCode.NOTFOUND
+
+- # Add this user and verify it's been added as a member
+- pwd_ops.useradd(**USER2)
+- # The negative cache might still have user2 from the previous request,
+- # flushing the caches might help to prevent a failed lookup after adding
+- # the user.
+- subprocess.call(["sss_cache", "-E"])
+- res, groups = sssd_id_sync('user2')
+- assert res == sssd_id.NssReturnCode.SUCCESS
+- assert len(groups) == 2
+- assert 'group_nomem' in groups
+-
+
+ def realloc_users(pwd_ops, num):
+ # Intentionally not including the last one because
+--
+2.21.3
+
diff --git a/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch b/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch
deleted file mode 100644
index 3901ba0..0000000
--- a/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From f9b3c0d1009da8d8dbe273c38d6725100789e57b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 8 Jan 2020 13:46:22 +0100
-Subject: [PATCH 26/27] ssh: do not mix different certificate lists
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There was a list of binary certificates and a list with base64 encoded
-ones which might be different depending on the active matching rules.
-Only the base64 one with the filtered results should be used.
-
-Related to https://pagure.io/SSSD/sssd/issue/4121
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/tests/cmocka/test_cert_utils.c | 80 +++++++++++++++++++++++++++
- src/util/cert.h | 3 +
- src/util/cert/cert_common.c | 20 +++++++
- src/util/cert/cert_common_p11_child.c | 12 ++--
- 4 files changed, 108 insertions(+), 7 deletions(-)
-
-diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
-index 325e49f00..c2c9ca270 100644
---- a/src/tests/cmocka/test_cert_utils.c
-+++ b/src/tests/cmocka/test_cert_utils.c
-@@ -711,6 +711,84 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state)
- talloc_free(ev);
- }
-
-+void test_cert_to_ssh_2keys_with_certmap_2_done(struct tevent_req *req)
-+{
-+ int ret;
-+ struct test_state *ts = tevent_req_callback_data(req, struct test_state);
-+ struct ldb_val *keys;
-+ uint8_t *exp_key;
-+ size_t exp_key_size;
-+ size_t valid_keys;
-+
-+ assert_non_null(ts);
-+ ts->done = true;
-+
-+ ret = cert_to_ssh_key_recv(req, ts, &keys, &valid_keys);
-+ talloc_free(req);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(keys[0].data);
-+ assert_int_equal(valid_keys, 1);
-+
-+ exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0002, &exp_key_size);
-+ assert_non_null(exp_key);
-+ assert_int_equal(keys[0].length, exp_key_size);
-+ assert_memory_equal(keys[0].data, exp_key, exp_key_size);
-+ talloc_free(exp_key);
-+
-+ talloc_free(keys);
-+ sss_certmap_free_ctx(ts->sss_certmap_ctx);
-+}
-+
-+void test_cert_to_ssh_2keys_with_certmap_2_send(void **state)
-+{
-+ int ret;
-+ struct tevent_context *ev;
-+ struct tevent_req *req;
-+ struct ldb_val val[2];
-+
-+ struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
-+ assert_non_null(ts);
-+ ts->done = false;
-+
-+ ret = sss_certmap_init(ts, NULL, NULL, &ts->sss_certmap_ctx);
-+ assert_int_equal(ret, EOK);
-+
-+ ret = sss_certmap_add_rule(ts->sss_certmap_ctx, -1,
-+ "<SUBJECT>CN=SSSD test cert 0002,.*", NULL,
-+ NULL);
-+ assert_int_equal(ret, EOK);
-+
-+ val[0].data = sss_base64_decode(ts, SSSD_TEST_CERT_0001,
-+ &val[0].length);
-+ assert_non_null(val[0].data);
-+
-+ val[1].data = sss_base64_decode(ts, SSSD_TEST_CERT_0002,
-+ &val[1].length);
-+ assert_non_null(val[1].data);
-+
-+ ev = tevent_context_init(ts);
-+ assert_non_null(ev);
-+
-+ req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+#ifdef HAVE_NSS
-+ "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
-+#else
-+ ABS_BUILD_DIR "/src/tests/test_CA/SSSD_test_CA.pem",
-+#endif
-+ ts->sss_certmap_ctx, 2, &val[0], NULL);
-+ assert_non_null(req);
-+
-+ tevent_req_set_callback(req, test_cert_to_ssh_2keys_with_certmap_2_done, ts);
-+
-+ while (!ts->done) {
-+ tevent_loop_once(ev);
-+ }
-+
-+ talloc_free(val[0].data);
-+ talloc_free(val[1].data);
-+ talloc_free(ev);
-+}
-+
- int main(int argc, const char *argv[])
- {
- poptContext pc;
-@@ -746,6 +824,8 @@ int main(int argc, const char *argv[])
- setup, teardown),
- cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_send,
- setup, teardown),
-+ cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_2_send,
-+ setup, teardown),
- #endif
- };
-
-diff --git a/src/util/cert.h b/src/util/cert.h
-index e0d44e3d6..d038a99f6 100644
---- a/src/util/cert.h
-+++ b/src/util/cert.h
-@@ -52,6 +52,9 @@ errno_t get_ssh_key_from_cert(TALLOC_CTX *mem_ctx,
- uint8_t *der_blob, size_t der_size,
- uint8_t **key_blob, size_t *key_size);
-
-+errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
-+ uint8_t **key_blob, size_t *key_size);
-+
- struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- int child_debug_fd, time_t timeout,
-diff --git a/src/util/cert/cert_common.c b/src/util/cert/cert_common.c
-index 766877089..511fddd4d 100644
---- a/src/util/cert/cert_common.c
-+++ b/src/util/cert/cert_common.c
-@@ -206,3 +206,23 @@ done:
-
- return ret;
- }
-+
-+errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
-+ uint8_t **key_blob, size_t *key_size)
-+{
-+ int ret;
-+ uint8_t *der_blob;
-+ size_t der_size;
-+
-+ der_blob = sss_base64_decode(mem_ctx, derb64, &der_size);
-+ if (der_blob == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
-+ return EIO;
-+ }
-+
-+ ret = get_ssh_key_from_cert(mem_ctx, der_blob, der_size,
-+ key_blob, key_size);
-+ talloc_free(der_blob);
-+
-+ return ret;
-+}
-diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c
-index 80c10eff1..1846ff89a 100644
---- a/src/util/cert/cert_common_p11_child.c
-+++ b/src/util/cert/cert_common_p11_child.c
-@@ -28,7 +28,6 @@ struct cert_to_ssh_key_state {
- time_t timeout;
- const char **extra_args;
- const char **certs;
-- struct ldb_val *bin_certs;
- struct ldb_val *keys;
- size_t cert_count;
- size_t iter;
-@@ -74,7 +73,6 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
- state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO
- : child_debug_fd;
- state->timeout = timeout;
-- state->bin_certs = bin_certs;
- state->io = talloc(state, struct child_io_fds);
- if (state->io == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n");
-@@ -138,6 +136,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
- ret = EINVAL;
- goto done;
- }
-+
- state->cert_count++;
- }
-
-@@ -289,11 +288,10 @@ static void cert_to_ssh_key_done(int child_status,
- if (valid) {
- DEBUG(SSSDBG_TRACE_LIBS, "Certificate [%s] is valid.\n",
- state->certs[state->iter]);
-- ret = get_ssh_key_from_cert(state->keys,
-- state->bin_certs[state->iter].data,
-- state->bin_certs[state->iter].length,
-- &state->keys[state->iter].data,
-- &state->keys[state->iter].length);
-+ ret = get_ssh_key_from_derb64(state->keys,
-+ state->certs[state->iter],
-+ &state->keys[state->iter].data,
-+ &state->keys[state->iter].length);
- if (ret == EOK) {
- state->valid_keys++;
- } else {
---
-2.20.1
-
diff --git a/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch b/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
new file mode 100644
index 0000000..1c4f461
--- /dev/null
+++ b/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
@@ -0,0 +1,42 @@
+From 100839b64390d7010bfa28552fd9381ef4366496 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 26 Jun 2020 09:48:17 +0200
+Subject: [PATCH] PAM: do not treat error for cache-only lookups as fatal
+
+The original fatal error came from a time where at this place in the
+code the response form the backend was checked and an error was clearly
+fatal.
+
+Now we only check if the entry is in the cache and valid. An error would
+mean that the backend is called to lookup or refresh the entry. So the
+backend can change the state of the cache and make upcoming cache
+lookups successful. So it makes sense to not only call the backend if
+ENOENT is returned but for all kind of errors.
+
+Resolves https://pagure.io/SSSD/sssd/issue/4098
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/responder/pam/pamsrv_cmd.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index 1cd901f15..666131cb7 100644
+--- a/src/responder/pam/pamsrv_cmd.c
++++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1941,10 +1941,8 @@ static void pam_check_user_search_next(struct tevent_req *req)
+ ret = cache_req_single_domain_recv(preq, req, &result);
+ talloc_zfree(req);
+ if (ret != EOK && ret != ENOENT) {
+- DEBUG(SSSDBG_CRIT_FAILURE,
+- "Fatal error, killing connection!\n");
+- talloc_zfree(preq->cctx);
+- return;
++ DEBUG(SSSDBG_OP_FAILURE, "Cache lookup failed, trying to get fresh "
++ "data from the backened.\n");
+ }
+
+ DEBUG(SSSDBG_TRACE_ALL, "PAM initgroups scheme [%s].\n",
+--
+2.21.3
+
diff --git a/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch b/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch
deleted file mode 100644
index 32bacee..0000000
--- a/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch
+++ /dev/null
@@ -1,314 +0,0 @@
-From 849d495ea948e75ecb4ea469c9f8db4a740a2377 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 7 Feb 2020 20:32:45 +0100
-Subject: [PATCH 27/27] ssh: add 'no_rules' and 'all_rules' to
- ssh_use_certificate_matching_rules
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-To make ssh_use_certificate_matching_rules option more flexible and
-predictable the keywords 'all_rules' and 'no_rules' are added.
-'no_rules' can be used to allow all certificates.
-
-If rules names are given but no matching rules can be found this is
-considered an error and no ssh keys will be derived from the
-certificates.
-
-Related to https://pagure.io/SSSD/sssd/issue/4121
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/man/sssd.conf.5.xml | 16 +++--
- src/responder/ssh/ssh_cmd.c | 33 ++++++---
- src/responder/ssh/ssh_private.h | 1 +
- src/responder/ssh/ssh_reply.c | 8 +++
- src/tests/cmocka/test_ssh_srv.c | 122 +++++++++++++++++++++++++++++++-
- 5 files changed, 165 insertions(+), 15 deletions(-)
-
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index ef07c43d3..f71fbf4aa 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1760,12 +1760,20 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
- will be ignored.
- </para>
- <para>
-- If a non-existing rule name is given all rules will
-- be ignored and all available certificates will be
-- used to derive ssh keys.
-+ There are two special key words 'all_rules' and
-+ 'no_rules' which will enable all or no rules,
-+ respectively. The latter means that no certificates
-+ will be filtered out and ssh keys will be generated
-+ from all valid certificates.
- </para>
- <para>
-- Default: not set, all found rules are used
-+ A non-existing rule name is considered an error.
-+ If as a result no rule is selected all certificates
-+ will be ignored.
-+ </para>
-+ <para>
-+ Default: not set, equivalent to 'all_rules,
-+ all found rules are used
- </para>
- </listitem>
- </varlistentry>
-diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c
-index 09f9b73b6..d1e7c667b 100644
---- a/src/responder/ssh/ssh_cmd.c
-+++ b/src/responder/ssh/ssh_cmd.c
-@@ -157,10 +157,26 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
- size_t c;
- int ret;
- bool rule_added;
-+ bool all_rules = false;
-+ bool no_rules = false;
-+
-+ ssh_ctx->cert_rules_error = false;
-+
-+ if (ssh_ctx->cert_rules == NULL || ssh_ctx->cert_rules[0] == NULL) {
-+ all_rules = true;
-+ } else if (ssh_ctx->cert_rules[0] != NULL
-+ && ssh_ctx->cert_rules[1] == NULL) {
-+ if (strcmp(ssh_ctx->cert_rules[0], "all_rules") == 0) {
-+ all_rules = true;
-+ } else if (strcmp(ssh_ctx->cert_rules[0], "no_rules") == 0) {
-+ no_rules = true;
-+ }
-+ }
-
- if (!ssh_ctx->use_cert_keys
- || ssh_ctx->certmap_last_read
-- >= ssh_ctx->rctx->get_domains_last_call.tv_sec) {
-+ >= ssh_ctx->rctx->get_domains_last_call.tv_sec
-+ || no_rules) {
- DEBUG(SSSDBG_TRACE_ALL, "No certmap update needed.\n");
- return EOK;
- }
-@@ -180,9 +196,8 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
-
- for (c = 0; certmap_list[c] != NULL; c++) {
-
-- if (ssh_ctx->cert_rules != NULL
-- && !string_in_list(certmap_list[c]->name,
-- ssh_ctx->cert_rules, true)) {
-+ if (!all_rules && !string_in_list(certmap_list[c]->name,
-+ ssh_ctx->cert_rules, true)) {
- DEBUG(SSSDBG_TRACE_ALL, "Skipping matching rule [%s], it is "
- "not listed in the ssh_use_certificate_matching_rules "
- "option.\n", certmap_list[c]->name);
-@@ -212,11 +227,12 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
- }
-
- if (!rule_added) {
-- DEBUG(SSSDBG_TRACE_ALL,
-- "No matching rule added, all certificates will be used.\n");
-+ DEBUG(SSSDBG_CONF_SETTINGS,
-+ "No matching rule added, please check "
-+ "ssh_use_certificate_matching_rules option values for typos .\n");
-
-- sss_certmap_free_ctx(sss_certmap_ctx);
-- sss_certmap_ctx = NULL;
-+ ret = EINVAL;
-+ goto done;
- }
-
- ret = EOK;
-@@ -228,6 +244,7 @@ done:
- ssh_ctx->certmap_last_read = ssh_ctx->rctx->get_domains_last_call.tv_sec;
- } else {
- sss_certmap_free_ctx(sss_certmap_ctx);
-+ ssh_ctx->cert_rules_error = true;
- }
-
- return ret;
-diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h
-index 76a1aead3..028ccd616 100644
---- a/src/responder/ssh/ssh_private.h
-+++ b/src/responder/ssh/ssh_private.h
-@@ -40,6 +40,7 @@ struct ssh_ctx {
- time_t certmap_last_read;
- struct sss_certmap_ctx *sss_certmap_ctx;
- char **cert_rules;
-+ bool cert_rules_error;
- };
-
- struct sss_cmd_table *get_ssh_cmds(void);
-diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
-index 1200a3a36..97914266d 100644
---- a/src/responder/ssh/ssh_reply.c
-+++ b/src/responder/ssh/ssh_reply.c
-@@ -196,6 +196,14 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-+ if (state->ssh_ctx->cert_rules_error) {
-+ DEBUG(SSSDBG_CONF_SETTINGS,
-+ "Skipping keys from certificates because there was an error "
-+ "while processing matching rules.\n");
-+ ret = EOK;
-+ goto done;
-+ }
-+
- ret = confdb_get_string(cli_ctx->rctx->cdb, state,
- CONFDB_MONITOR_CONF_ENTRY,
- CONFDB_MONITOR_CERT_VERIFICATION, NULL,
-diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c
-index 45915f681..fc43663a7 100644
---- a/src/tests/cmocka/test_ssh_srv.c
-+++ b/src/tests/cmocka/test_ssh_srv.c
-@@ -712,6 +712,120 @@ void test_ssh_user_pubkey_cert_with_rule(void **state)
- assert_int_equal(ret, EOK);
- }
-
-+void test_ssh_user_pubkey_cert_with_all_rules(void **state)
-+{
-+ int ret;
-+ struct sysdb_attrs *attrs;
-+ /* Both rules are enabled, both certificates should be handled. */
-+ const char *rule_list[] = { "all_rules", NULL };
-+ struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL};
-+
-+ attrs = sysdb_new_attrs(ssh_test_ctx);
-+ assert_non_null(attrs);
-+ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY);
-+ assert_int_equal(ret, EOK);
-+ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+ SSSD_TEST_CERT_0001);
-+ assert_int_equal(ret, EOK);
-+ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+ SSSD_TEST_CERT_0002);
-+ assert_int_equal(ret, EOK);
-+
-+ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom,
-+ ssh_test_ctx->ssh_user_fqdn,
-+ attrs,
-+ LDB_FLAG_MOD_ADD);
-+ talloc_free(attrs);
-+ assert_int_equal(ret, EOK);
-+
-+ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn);
-+ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+
-+ /* Enable certificate support */
-+ ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-+ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list;
-+ ssh_test_ctx->ssh_ctx->certmap_last_read = 0;
-+ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1;
-+ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list);
-+#ifdef HAVE_NSS
-+ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR
-+ "/src/tests/test_CA/p11_nssdb");
-+#else
-+ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR
-+ "/src/tests/test_CA/SSSD_test_CA.pem");
-+#endif
-+
-+ set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-+ ssh_test_ctx->ssh_cmds);
-+ assert_int_equal(ret, EOK);
-+
-+ /* Wait until the test finishes with EOK */
-+ ret = test_ev_loop(ssh_test_ctx->tctx);
-+ assert_int_equal(ret, EOK);
-+}
-+
-+void test_ssh_user_pubkey_cert_with_no_rules(void **state)
-+{
-+ int ret;
-+ struct sysdb_attrs *attrs;
-+ /* No rules should be used, both certificates should be handled. */
-+ const char *rule_list[] = { "no_rules", NULL };
-+ struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL};
-+
-+ attrs = sysdb_new_attrs(ssh_test_ctx);
-+ assert_non_null(attrs);
-+ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY);
-+ assert_int_equal(ret, EOK);
-+ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+ SSSD_TEST_CERT_0001);
-+ assert_int_equal(ret, EOK);
-+ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+ SSSD_TEST_CERT_0002);
-+ assert_int_equal(ret, EOK);
-+
-+ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom,
-+ ssh_test_ctx->ssh_user_fqdn,
-+ attrs,
-+ LDB_FLAG_MOD_ADD);
-+ talloc_free(attrs);
-+ assert_int_equal(ret, EOK);
-+
-+ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn);
-+ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+
-+ /* Enable certificate support */
-+ ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-+ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list;
-+ ssh_test_ctx->ssh_ctx->certmap_last_read = 0;
-+ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1;
-+ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list);
-+#ifdef HAVE_NSS
-+ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR
-+ "/src/tests/test_CA/p11_nssdb");
-+#else
-+ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR
-+ "/src/tests/test_CA/SSSD_test_CA.pem");
-+#endif
-+
-+ set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-+ ssh_test_ctx->ssh_cmds);
-+ assert_int_equal(ret, EOK);
-+
-+ /* Wait until the test finishes with EOK */
-+ ret = test_ev_loop(ssh_test_ctx->tctx);
-+ assert_int_equal(ret, EOK);
-+}
-+
- void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state)
- {
- int ret;
-@@ -743,8 +857,6 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state)
- will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-- will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-
- /* Enable certificate support */
- ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-@@ -760,7 +872,7 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state)
- "/src/tests/test_CA/SSSD_test_CA.pem");
- #endif
-
-- set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+ set_cmd_cb(test_ssh_user_one_pubkey_check);
- ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
- ssh_test_ctx->ssh_cmds);
- assert_int_equal(ret, EOK);
-@@ -852,6 +964,10 @@ int main(int argc, const char *argv[])
- ssh_test_setup, ssh_test_teardown),
- cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule,
- ssh_test_setup, ssh_test_teardown),
-+ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules,
-+ ssh_test_setup, ssh_test_teardown),
-+ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules,
-+ ssh_test_setup, ssh_test_teardown),
- cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name,
- ssh_test_setup, ssh_test_teardown),
- cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule_1,
---
-2.20.1
-
diff --git a/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch b/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch
deleted file mode 100644
index 32b7d65..0000000
--- a/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 10 Sep 2019 14:33:37 +0000
-Subject: [PATCH] Add TCP level timeout to LDAP services
-
-In some cases the TCP connection may hang with data sent because
-of network conditions, this may cause the socket to stall for much
-longer than the timeout intended.
-Set a TCP option to forcibly timeout a socket that sees its data not
-ACKed within the ldap_network_timeout seconds.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/util/sss_sockets.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
-index 0e4d8df8a..b6b6dbac5 100644
---- a/src/util/sss_sockets.c
-+++ b/src/util/sss_sockets.c
-@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
- int dummy = 1;
- int ret;
- struct timeval tv;
-+ unsigned int milli;
-
- /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
- * failures are ignored.*/
-@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout)
- "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
- strerror(ret));
- }
-+
-+ milli = timeout * 1000; /* timeout in milliseconds */
-+ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
-+ sizeof(milli));
-+ if (ret != 0) {
-+ ret = errno;
-+ DEBUG(SSSDBG_FUNC_DATA,
-+ "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
-+ strerror(ret));
-+ }
- }
-
- return EOK;
---
-2.21.1
-
diff --git a/SOURCES/0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch b/SOURCES/0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch
new file mode 100644
index 0000000..fe893fb
--- /dev/null
+++ b/SOURCES/0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch
@@ -0,0 +1,193 @@
+From 2d90e642078c15f001b34a0a50a67fa6eac9a3b9 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 3 Mar 2020 18:44:11 +0100
+Subject: [PATCH 28/35] mem-cache: sizes of free and data tables were made
+ consistent
+
+Since size of "free table" didn't account for SSS_AVG_*_PAYLOAD factor
+only small fraction of "data table" was actually used.
+SSS_AVG_*_PAYLOAD differentiation for different payload types only
+affected size of hash table and was removed as unjustified.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5115
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nsssrv.c | 22 +++++++++++-------
+ src/responder/nss/nsssrv_mmap_cache.c | 33 +++++++--------------------
+ src/responder/nss/nsssrv_mmap_cache.h | 2 --
+ src/util/mmap_cache.h | 3 ---
+ 4 files changed, 22 insertions(+), 38 deletions(-)
+
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 87300058f..21d93ae77 100644
+--- a/src/responder/nss/nsssrv.c
++++ b/src/responder/nss/nsssrv.c
+@@ -83,10 +83,9 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
+ return ret;
+ }
+
+- /* TODO: read cache sizes from configuration */
+ DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n");
+ ret = sss_mmap_cache_reinit(nctx, nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_CACHE_ELEMENTS,
++ -1, /* keep current size */
+ (time_t) memcache_timeout,
+ &nctx->pwd_mc_ctx);
+ if (ret != EOK) {
+@@ -96,7 +95,7 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
+ }
+
+ ret = sss_mmap_cache_reinit(nctx, nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_CACHE_ELEMENTS,
++ -1, /* keep current size */
+ (time_t) memcache_timeout,
+ &nctx->grp_mc_ctx);
+ if (ret != EOK) {
+@@ -106,7 +105,7 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
+ }
+
+ ret = sss_mmap_cache_reinit(nctx, nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_CACHE_ELEMENTS,
++ -1, /* keep current size */
+ (time_t)memcache_timeout,
+ &nctx->initgr_mc_ctx);
+ if (ret != EOK) {
+@@ -210,6 +209,11 @@ done:
+
+ static int setup_memcaches(struct nss_ctx *nctx)
+ {
++ /* TODO: read cache sizes from configuration */
++ static const size_t SSS_MC_CACHE_PASSWD_SLOTS = 200000; /* 8mb */
++ static const size_t SSS_MC_CACHE_GROUP_SLOTS = 150000; /* 6mb */
++ static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000; /* 10mb */
++
+ int ret;
+ int memcache_timeout;
+
+@@ -239,11 +243,11 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ return EOK;
+ }
+
+- /* TODO: read cache sizes from configuration */
+ ret = sss_mmap_cache_init(nctx, "passwd",
+ nctx->mc_uid, nctx->mc_gid,
+ SSS_MC_PASSWD,
+- SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
++ SSS_MC_CACHE_PASSWD_SLOTS,
++ (time_t)memcache_timeout,
+ &nctx->pwd_mc_ctx);
+ if (ret) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
+@@ -252,7 +256,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = sss_mmap_cache_init(nctx, "group",
+ nctx->mc_uid, nctx->mc_gid,
+ SSS_MC_GROUP,
+- SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
++ SSS_MC_CACHE_GROUP_SLOTS,
++ (time_t)memcache_timeout,
+ &nctx->grp_mc_ctx);
+ if (ret) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
+@@ -261,7 +266,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = sss_mmap_cache_init(nctx, "initgroups",
+ nctx->mc_uid, nctx->mc_gid,
+ SSS_MC_INITGROUPS,
+- SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
++ SSS_MC_CACHE_INITGROUP_SLOTS,
++ (time_t)memcache_timeout,
+ &nctx->initgr_mc_ctx);
+ if (ret) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
+diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
+index 69e767690..5e23bbe6f 100644
+--- a/src/responder/nss/nsssrv_mmap_cache.c
++++ b/src/responder/nss/nsssrv_mmap_cache.c
+@@ -28,13 +28,6 @@
+ #include "responder/nss/nss_private.h"
+ #include "responder/nss/nsssrv_mmap_cache.h"
+
+-/* arbitrary (avg of my /etc/passwd) */
+-#define SSS_AVG_PASSWD_PAYLOAD (MC_SLOT_SIZE * 4)
+-/* short group name and no gids (private user group */
+-#define SSS_AVG_GROUP_PAYLOAD (MC_SLOT_SIZE * 3)
+-/* average place for 40 supplementary groups + 2 names */
+-#define SSS_AVG_INITGROUP_PAYLOAD (MC_SLOT_SIZE * 5)
+-
+ #define MC_NEXT_BARRIER(val) ((((val) + 1) & 0x00ffffff) | 0xf0000000)
+
+ #define MC_RAISE_BARRIER(m) do { \
+@@ -1251,24 +1244,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
+ enum sss_mc_type type, size_t n_elem,
+ time_t timeout, struct sss_mc_ctx **mcc)
+ {
++ /* sss_mc_header alone occupies whole slot,
++ * so each entry takes 2 slots at the very least
++ */
++ static const int PAYLOAD_FACTOR = 2;
++
+ struct sss_mc_ctx *mc_ctx = NULL;
+- int payload;
+ int ret, dret;
+
+- switch (type) {
+- case SSS_MC_PASSWD:
+- payload = SSS_AVG_PASSWD_PAYLOAD;
+- break;
+- case SSS_MC_GROUP:
+- payload = SSS_AVG_GROUP_PAYLOAD;
+- break;
+- case SSS_MC_INITGROUPS:
+- payload = SSS_AVG_INITGROUP_PAYLOAD;
+- break;
+- default:
+- return EINVAL;
+- }
+-
+ mc_ctx = talloc_zero(mem_ctx, struct sss_mc_ctx);
+ if (!mc_ctx) {
+ return ENOMEM;
+@@ -1303,9 +1286,9 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
+
+ /* hash table is double the size because it will store both forward and
+ * reverse keys (name/uid, name/gid, ..) */
+- mc_ctx->ht_size = MC_HT_SIZE(n_elem * 2);
+- mc_ctx->dt_size = MC_DT_SIZE(n_elem, payload);
+- mc_ctx->ft_size = MC_FT_SIZE(n_elem);
++ mc_ctx->ht_size = MC_HT_SIZE(2 * n_elem / PAYLOAD_FACTOR);
++ mc_ctx->dt_size = n_elem * MC_SLOT_SIZE;
++ mc_ctx->ft_size = n_elem / 8; /* 1 bit per slot */
+ mc_ctx->mmap_size = MC_HEADER_SIZE +
+ MC_ALIGN64(mc_ctx->dt_size) +
+ MC_ALIGN64(mc_ctx->ft_size) +
+diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h
+index e06257949..c40af2fb4 100644
+--- a/src/responder/nss/nsssrv_mmap_cache.h
++++ b/src/responder/nss/nsssrv_mmap_cache.h
+@@ -22,8 +22,6 @@
+ #ifndef _NSSSRV_MMAP_CACHE_H_
+ #define _NSSSRV_MMAP_CACHE_H_
+
+-#define SSS_MC_CACHE_ELEMENTS 50000
+-
+ struct sss_mc_ctx;
+
+ enum sss_mc_type {
+diff --git a/src/util/mmap_cache.h b/src/util/mmap_cache.h
+index 63e096027..d3d92bc98 100644
+--- a/src/util/mmap_cache.h
++++ b/src/util/mmap_cache.h
+@@ -40,9 +40,6 @@ typedef uint32_t rel_ptr_t;
+
+ #define MC_HT_SIZE(elems) ( (elems) * MC_32 )
+ #define MC_HT_ELEMS(size) ( (size) / MC_32 )
+-#define MC_DT_SIZE(elems, payload) ( (elems) * (payload) )
+-#define MC_FT_SIZE(elems) ( (elems) / 8 )
+-/* ^^ 8 bits per byte so we need just elems/8 bytes to represent all blocks */
+
+ #define MC_PTR_ADD(ptr, bytes) (void *)((uint8_t *)(ptr) + (bytes))
+ #define MC_PTR_DIFF(ptr, base) ((uint8_t *)(ptr) - (uint8_t *)(base))
+--
+2.21.3
+
diff --git a/SOURCES/0029-NSS-make-memcache-size-configurable.patch b/SOURCES/0029-NSS-make-memcache-size-configurable.patch
new file mode 100644
index 0000000..f69db08
--- /dev/null
+++ b/SOURCES/0029-NSS-make-memcache-size-configurable.patch
@@ -0,0 +1,543 @@
+From 80e7163b7bf512a45e2fa31494f3bdff9e9e2dce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
+Date: Wed, 4 Mar 2020 16:26:18 +0100
+Subject: [PATCH 29/35] NSS: make memcache size configurable
+
+Added options to configure memcache size:
+memcache_size_passwd
+memcache_size_group
+memcache_size_initgroups
+
+Related:
+https://github.com/SSSD/sssd/issues/4578
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/confdb/confdb.h | 3 +
+ src/config/SSSDConfig/sssdoptions.py | 3 +
+ src/config/cfg_rules.ini | 3 +
+ src/man/sssd.conf.5.xml | 78 +++++++++
+ src/responder/nss/nsssrv.c | 104 ++++++++----
+ src/tests/intg/test_memory_cache.py | 236 +++++++++++++++++++++++++++
+ 6 files changed, 398 insertions(+), 29 deletions(-)
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index a5d35fd70..c96896da5 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -115,6 +115,9 @@
+ #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
+ #define CONFDB_NSS_DEFAULT_SHELL "default_shell"
+ #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
++#define CONFDB_NSS_MEMCACHE_SIZE_PASSWD "memcache_size_passwd"
++#define CONFDB_NSS_MEMCACHE_SIZE_GROUP "memcache_size_group"
++#define CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS "memcache_size_initgroups"
+ #define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
+ #define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
+
+diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
+index 9c071f70a..16d85cfa3 100644
+--- a/src/config/SSSDConfig/sssdoptions.py
++++ b/src/config/SSSDConfig/sssdoptions.py
+@@ -72,6 +72,9 @@ class SSSDOptions(object):
+ 'shell_fallback': _('If a shell stored in central directory is allowed but not available, use this fallback'),
+ 'default_shell': _('Shell to use if the provider does not list one'),
+ 'memcache_timeout': _('How long will be in-memory cache records valid'),
++ 'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'),
++ 'memcache_size_group': _('Number of slots in fast in-memory cache for group requests'),
++ 'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'),
+ 'homedir_substring': _('The value of this option will be used in the expansion of the override_homedir option '
+ 'if the template contains the format string %H.'),
+ 'get_domains_timeout': _('Specifies time in seconds for which the list of subdomains will be considered '
+diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
+index 1a7e2c5cd..2874ea048 100644
+--- a/src/config/cfg_rules.ini
++++ b/src/config/cfg_rules.ini
+@@ -92,6 +92,9 @@ option = shell_fallback
+ option = default_shell
+ option = get_domains_timeout
+ option = memcache_timeout
++option = memcache_size_passwd
++option = memcache_size_group
++option = memcache_size_initgroups
+
+ [rule/allowed_pam_options]
+ validator = ini_allowed_options
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index 9a9679a4b..9bc2e26e5 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -1100,6 +1100,84 @@ fallback_homedir = /home/%u
+ </para>
+ </listitem>
+ </varlistentry>
++ <varlistentry>
++ <term>memcache_size_passwd (integer)</term>
++ <listitem>
++ <para>
++ Number of slots allocated inside fast in-memory
++ cache for passwd requests. Note that one entry
++ in fast in-memory cache can occupy more than one slot.
++ Setting the size to 0 will disable the passwd in-memory
++ cache.
++ </para>
++ <para>
++ Default: 200000
++ </para>
++ <para>
++ WARNING: Disabled or too small in-memory cache can
++ have significant negative impact on SSSD's
++ performance.
++ </para>
++ <para>
++ NOTE: If the environment variable
++ SSS_NSS_USE_MEMCACHE is set to "NO", client
++ applications will not use the fast in-memory
++ cache.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>memcache_size_group (integer)</term>
++ <listitem>
++ <para>
++ Number of slots allocated inside fast in-memory
++ cache for group requests. Note that one entry
++ in fast in-memory cache can occupy more than one
++ slot. Setting the size to 0 will disable the group
++ in-memory cache.
++ </para>
++ <para>
++ Default: 150000
++ </para>
++ <para>
++ WARNING: Disabled or too small in-memory cache can
++ have significant negative impact on SSSD's
++ performance.
++ </para>
++ <para>
++ NOTE: If the environment variable
++ SSS_NSS_USE_MEMCACHE is set to "NO", client
++ applications will not use the fast in-memory
++ cache.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>memcache_size_initgroups (integer)</term>
++ <listitem>
++ <para>
++ Number of slots allocated inside fast in-memory
++ cache for initgroups requests. Note that one entry
++ in fast in-memory cache can occupy more than one
++ slot. Setting the size to 0 will disable the
++ initgroups in-memory cache.
++ </para>
++ <para>
++ Default: 250000
++ </para>
++ <para>
++ WARNING: Disabled or too small in-memory cache can
++ have significant negative impact on SSSD's
++ performance.
++ </para>
++ <para>
++ NOTE: If the environment variable
++ SSS_NSS_USE_MEMCACHE is set to "NO", client
++ applications will not use the fast in-memory
++ cache.
++ </para>
++ </listitem>
++ </varlistentry>
+ <varlistentry>
+ <term>user_attributes (string)</term>
+ <listitem>
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 21d93ae77..0a201d3ae 100644
+--- a/src/responder/nss/nsssrv.c
++++ b/src/responder/nss/nsssrv.c
+@@ -209,13 +209,16 @@ done:
+
+ static int setup_memcaches(struct nss_ctx *nctx)
+ {
+- /* TODO: read cache sizes from configuration */
++ /* Default memcache sizes */
+ static const size_t SSS_MC_CACHE_PASSWD_SLOTS = 200000; /* 8mb */
+ static const size_t SSS_MC_CACHE_GROUP_SLOTS = 150000; /* 6mb */
+ static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000; /* 10mb */
+
+ int ret;
+ int memcache_timeout;
++ int mc_size_passwd;
++ int mc_size_group;
++ int mc_size_initgroups;
+
+ /* Remove the CLEAR_MC_FLAG file if exists. */
+ ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
+@@ -243,34 +246,77 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ return EOK;
+ }
+
+- ret = sss_mmap_cache_init(nctx, "passwd",
+- nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_PASSWD,
+- SSS_MC_CACHE_PASSWD_SLOTS,
+- (time_t)memcache_timeout,
+- &nctx->pwd_mc_ctx);
+- if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
+- }
+-
+- ret = sss_mmap_cache_init(nctx, "group",
+- nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_GROUP,
+- SSS_MC_CACHE_GROUP_SLOTS,
+- (time_t)memcache_timeout,
+- &nctx->grp_mc_ctx);
+- if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
+- }
+-
+- ret = sss_mmap_cache_init(nctx, "initgroups",
+- nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_INITGROUPS,
+- SSS_MC_CACHE_INITGROUP_SLOTS,
+- (time_t)memcache_timeout,
+- &nctx->initgr_mc_ctx);
+- if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
++ /* Get all memcache sizes from confdb (pwd, grp, initgr) */
++
++ ret = confdb_get_int(nctx->rctx->cdb,
++ CONFDB_NSS_CONF_ENTRY,
++ CONFDB_NSS_MEMCACHE_SIZE_PASSWD,
++ SSS_MC_CACHE_PASSWD_SLOTS,
++ &mc_size_passwd);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_FATAL_FAILURE,
++ "Failed to get 'memcache_size_passwd' option from confdb.\n");
++ return ret;
++ }
++
++ ret = confdb_get_int(nctx->rctx->cdb,
++ CONFDB_NSS_CONF_ENTRY,
++ CONFDB_NSS_MEMCACHE_SIZE_GROUP,
++ SSS_MC_CACHE_GROUP_SLOTS,
++ &mc_size_group);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_FATAL_FAILURE,
++ "Failed to get 'memcache_size_group' option from confdb.\n");
++ return ret;
++ }
++
++ ret = confdb_get_int(nctx->rctx->cdb,
++ CONFDB_NSS_CONF_ENTRY,
++ CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS,
++ SSS_MC_CACHE_INITGROUP_SLOTS,
++ &mc_size_initgroups);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_FATAL_FAILURE,
++ "Failed to get 'memcache_size_nitgroups' option from confdb.\n");
++ return ret;
++ }
++
++ /* Initialize the fast in-memory caches if they were not disabled */
++
++ if (mc_size_passwd != 0) {
++ ret = sss_mmap_cache_init(nctx, "passwd",
++ nctx->mc_uid, nctx->mc_gid,
++ SSS_MC_PASSWD,
++ mc_size_passwd,
++ (time_t)memcache_timeout,
++ &nctx->pwd_mc_ctx);
++ if (ret) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
++ }
++ }
++
++ if (mc_size_group != 0) {
++ ret = sss_mmap_cache_init(nctx, "group",
++ nctx->mc_uid, nctx->mc_gid,
++ SSS_MC_GROUP,
++ mc_size_group,
++ (time_t)memcache_timeout,
++ &nctx->grp_mc_ctx);
++ if (ret) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
++ }
++ }
++
++ if (mc_size_initgroups != 0) {
++ ret = sss_mmap_cache_init(nctx, "initgroups",
++ nctx->mc_uid, nctx->mc_gid,
++ SSS_MC_INITGROUPS,
++ mc_size_initgroups,
++ (time_t)memcache_timeout,
++ &nctx->initgr_mc_ctx);
++ if (ret) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
++ }
+ }
+
+ return EOK;
+diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
+index 322f76fe0..6ed696e00 100644
+--- a/src/tests/intg/test_memory_cache.py
++++ b/src/tests/intg/test_memory_cache.py
+@@ -135,6 +135,112 @@ def load_data_to_ldap(request, ldap_conn):
+ create_ldap_fixture(request, ldap_conn, ent_list)
+
+
++@pytest.fixture
++def disable_memcache_rfc2307(request, ldap_conn):
++ load_data_to_ldap(request, ldap_conn)
++
++ conf = unindent("""\
++ [sssd]
++ domains = LDAP
++ services = nss
++
++ [nss]
++ memcache_size_group = 0
++ memcache_size_passwd = 0
++ memcache_size_initgroups = 0
++
++ [domain/LDAP]
++ ldap_auth_disable_tls_never_use_in_production = true
++ ldap_schema = rfc2307
++ id_provider = ldap
++ auth_provider = ldap
++ sudo_provider = ldap
++ ldap_uri = {ldap_conn.ds_inst.ldap_url}
++ ldap_search_base = {ldap_conn.ds_inst.base_dn}
++ """).format(**locals())
++ create_conf_fixture(request, conf)
++ create_sssd_fixture(request)
++ return None
++
++
++@pytest.fixture
++def disable_pwd_mc_rfc2307(request, ldap_conn):
++ load_data_to_ldap(request, ldap_conn)
++
++ conf = unindent("""\
++ [sssd]
++ domains = LDAP
++ services = nss
++
++ [nss]
++ memcache_size_passwd = 0
++
++ [domain/LDAP]
++ ldap_auth_disable_tls_never_use_in_production = true
++ ldap_schema = rfc2307
++ id_provider = ldap
++ auth_provider = ldap
++ sudo_provider = ldap
++ ldap_uri = {ldap_conn.ds_inst.ldap_url}
++ ldap_search_base = {ldap_conn.ds_inst.base_dn}
++ """).format(**locals())
++ create_conf_fixture(request, conf)
++ create_sssd_fixture(request)
++ return None
++
++
++@pytest.fixture
++def disable_grp_mc_rfc2307(request, ldap_conn):
++ load_data_to_ldap(request, ldap_conn)
++
++ conf = unindent("""\
++ [sssd]
++ domains = LDAP
++ services = nss
++
++ [nss]
++ memcache_size_group = 0
++
++ [domain/LDAP]
++ ldap_auth_disable_tls_never_use_in_production = true
++ ldap_schema = rfc2307
++ id_provider = ldap
++ auth_provider = ldap
++ sudo_provider = ldap
++ ldap_uri = {ldap_conn.ds_inst.ldap_url}
++ ldap_search_base = {ldap_conn.ds_inst.base_dn}
++ """).format(**locals())
++ create_conf_fixture(request, conf)
++ create_sssd_fixture(request)
++ return None
++
++
++@pytest.fixture
++def disable_initgr_mc_rfc2307(request, ldap_conn):
++ load_data_to_ldap(request, ldap_conn)
++
++ conf = unindent("""\
++ [sssd]
++ domains = LDAP
++ services = nss
++
++ [nss]
++ memcache_size_initgroups = 0
++
++ [domain/LDAP]
++ ldap_auth_disable_tls_never_use_in_production = true
++ ldap_schema = rfc2307
++ id_provider = ldap
++ auth_provider = ldap
++ sudo_provider = ldap
++ ldap_uri = {ldap_conn.ds_inst.ldap_url}
++ ldap_search_base = {ldap_conn.ds_inst.base_dn}
++ """).format(**locals())
++ create_conf_fixture(request, conf)
++ create_sssd_fixture(request)
++ return None
++
++
+ @pytest.fixture
+ def sanity_rfc2307(request, ldap_conn):
+ load_data_to_ldap(request, ldap_conn)
+@@ -354,6 +460,19 @@ def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307):
+ test_getgrnam_simple(ldap_conn, sanity_rfc2307)
+
+
++def test_getgrnam_simple_disabled_pwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
++ test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307)
++ stop_sssd()
++ test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307)
++
++
++def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn,
++ disable_initgr_mc_rfc2307):
++ test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307)
++ stop_sssd()
++ test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307)
++
++
+ def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
+ ent.assert_group_by_name(
+ "group1",
+@@ -919,3 +1038,120 @@ def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307):
+ grp.getgrnam('group1')
+ with pytest.raises(KeyError):
+ grp.getgrgid(2001)
++
++
++def test_disabled_mc(ldap_conn, disable_memcache_rfc2307):
++ ent.assert_passwd_by_name(
++ 'user1',
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++ ent.assert_passwd_by_uid(
++ 1001,
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++
++ ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
++ ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
++
++ assert_user_gids_equal('user1', [2000, 2001])
++
++ stop_sssd()
++
++ # sssd is stopped and the memory cache is disabled;
++ # so pytest should not be able to find anything
++ with pytest.raises(KeyError):
++ pwd.getpwnam('user1')
++ with pytest.raises(KeyError):
++ pwd.getpwuid(1001)
++
++ with pytest.raises(KeyError):
++ grp.getgrnam('group1')
++ with pytest.raises(KeyError):
++ grp.getgrgid(2001)
++
++ with pytest.raises(KeyError):
++ (res, errno, gids) = sssd_id.get_user_gids('user1')
++
++
++def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
++ ent.assert_passwd_by_name(
++ 'user1',
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++ ent.assert_passwd_by_uid(
++ 1001,
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++
++ assert_user_gids_equal('user1', [2000, 2001])
++
++ stop_sssd()
++
++ # passwd cache is disabled
++ with pytest.raises(KeyError):
++ pwd.getpwnam('user1')
++ with pytest.raises(KeyError):
++ pwd.getpwuid(1001)
++
++ # Initgroups looks up the user first, hence KeyError from the
++ # passwd database even if the initgroups cache is active.
++ with pytest.raises(KeyError):
++ (res, errno, gids) = sssd_id.get_user_gids('user1')
++
++
++def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307):
++ ent.assert_passwd_by_name(
++ 'user1',
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++ ent.assert_passwd_by_uid(
++ 1001,
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++
++ ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
++ ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
++
++ assert_user_gids_equal('user1', [2000, 2001])
++
++ stop_sssd()
++
++ # group cache is disabled, other caches should work
++ ent.assert_passwd_by_name(
++ 'user1',
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++ ent.assert_passwd_by_uid(
++ 1001,
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++
++ with pytest.raises(KeyError):
++ grp.getgrnam('group1')
++ with pytest.raises(KeyError):
++ grp.getgrgid(2001)
++
++ assert_user_gids_equal('user1', [2000, 2001])
++
++
++def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307):
++ # Even if initgroups is disabled, passwd should work
++ ent.assert_passwd_by_name(
++ 'user1',
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++ ent.assert_passwd_by_uid(
++ 1001,
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++
++ stop_sssd()
++
++ ent.assert_passwd_by_name(
++ 'user1',
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
++ ent.assert_passwd_by_uid(
++ 1001,
++ dict(name='user1', passwd='*', uid=1001, gid=2001,
++ gecos='1001', shell='/bin/bash'))
+--
+2.21.3
+
diff --git a/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch b/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch
deleted file mode 100644
index 967a1c3..0000000
--- a/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 5b87af6f5b50c464ee7ea4558f73431e398e1423 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 10 Feb 2020 11:52:35 +0100
-Subject: [PATCH] sss_sockets: pass pointer instead of integer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-```
-/home/pbrezina/workspace/sssd/src/util/sss_sockets.c: In function ‘set_fd_common_opts’:
-/home/pbrezina/workspace/sssd/src/util/sss_sockets.c:123:61: error: passing argument 4 of ‘setsockopt’ makes pointer from integer without a cast [-Werror=int-conversion]
- 123 | ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
- | ^~~~~
- | |
- | unsigned int
-In file included from /home/pbrezina/workspace/sssd/src/util/sss_sockets.c:28:
-/usr/include/sys/socket.h:216:22: note: expected ‘const void *’ but argument is of type ‘unsigned int’
- 216 | const void *__optval, socklen_t __optlen) __THROW;
- | ~~~~~~~~~~~~^~~~~~~~
- CC src/util/sssd_kcm-sss_iobuf.o
-cc1: all warnings being treated as errors
-```
-
-Introduced by 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/util/sss_sockets.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
-index b6b6dbac5..6f2b71bc8 100644
---- a/src/util/sss_sockets.c
-+++ b/src/util/sss_sockets.c
-@@ -120,7 +120,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
- }
-
- milli = timeout * 1000; /* timeout in milliseconds */
-- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
-+ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
- sizeof(milli));
- if (ret != 0) {
- ret = errno;
---
-2.21.1
-
diff --git a/SOURCES/0030-NSS-avoid-excessive-log-messages.patch b/SOURCES/0030-NSS-avoid-excessive-log-messages.patch
new file mode 100644
index 0000000..7ea31f3
--- /dev/null
+++ b/SOURCES/0030-NSS-avoid-excessive-log-messages.patch
@@ -0,0 +1,83 @@
+From e12340e7d9efe5f272e58d69333c1c09c3bcc44d Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 4 Mar 2020 21:09:33 +0100
+Subject: [PATCH 30/35] NSS: avoid excessive log messages
+
+ - do not log error message if mem-cache was disabled explicitly
+ - increase message severity in case of fail to store entry in mem-cache
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nss_protocol_grent.c | 12 +++++++-----
+ src/responder/nss/nss_protocol_pwent.c | 7 ++++---
+ 2 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
+index 2f6d869ef..8f1d3fe81 100644
+--- a/src/responder/nss/nss_protocol_grent.c
++++ b/src/responder/nss/nss_protocol_grent.c
+@@ -292,16 +292,17 @@ nss_protocol_fill_grent(struct nss_ctx *nss_ctx,
+ num_results++;
+
+ /* Do not store entry in memory cache during enumeration or when
+- * requested. */
++ * requested or if cache explicitly disabled. */
+ if (!cmd_ctx->enumeration
+- && (cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0) {
++ && ((cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0)
++ && (nss_ctx->grp_mc_ctx != NULL)) {
+ members = (char *)&body[rp_members];
+ members_size = body_len - rp_members;
+ ret = sss_mmap_cache_gr_store(&nss_ctx->grp_mc_ctx, name, &pwfield,
+ gid, num_members, members,
+ members_size);
+ if (ret != EOK) {
+- DEBUG(SSSDBG_MINOR_FAILURE,
++ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to store group %s (%s) in mem-cache [%d]: %s!\n",
+ name->str, result->domain->name, ret, sss_strerror(ret));
+ }
+@@ -423,7 +424,8 @@ nss_protocol_fill_initgr(struct nss_ctx *nss_ctx,
+ }
+
+ if (nss_ctx->initgr_mc_ctx
+- && (cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0) {
++ && ((cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0)
++ && (nss_ctx->initgr_mc_ctx != NULL)) {
+ to_sized_string(&rawname, cmd_ctx->rawname);
+ to_sized_string(&unique_name, result->lookup_name);
+
+@@ -431,7 +433,7 @@ nss_protocol_fill_initgr(struct nss_ctx *nss_ctx,
+ &unique_name, num_results,
+ body + 2 * sizeof(uint32_t));
+ if (ret != EOK) {
+- DEBUG(SSSDBG_MINOR_FAILURE,
++ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to store initgroups %s (%s) in mem-cache [%d]: %s!\n",
+ rawname.str, domain->name, ret, sss_strerror(ret));
+ sss_packet_set_size(packet, 0);
+diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
+index 31fd01698..f9f3f0cf0 100644
+--- a/src/responder/nss/nss_protocol_pwent.c
++++ b/src/responder/nss/nss_protocol_pwent.c
+@@ -301,13 +301,14 @@ nss_protocol_fill_pwent(struct nss_ctx *nss_ctx,
+ num_results++;
+
+ /* Do not store entry in memory cache during enumeration or when
+- * requested. */
++ * requested or if cache explicitly disabled. */
+ if (!cmd_ctx->enumeration
+- && (cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0) {
++ && ((cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0)
++ && (nss_ctx->pwd_mc_ctx != NULL)) {
+ ret = sss_mmap_cache_pw_store(&nss_ctx->pwd_mc_ctx, name, &pwfield,
+ uid, gid, &gecos, &homedir, &shell);
+ if (ret != EOK) {
+- DEBUG(SSSDBG_MINOR_FAILURE,
++ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to store user %s (%s) in mmap cache [%d]: %s!\n",
+ name->str, result->domain->name, ret, sss_strerror(ret));
+ }
+--
+2.21.3
+
diff --git a/SOURCES/0030-ssh-fix-matching-rules-default.patch b/SOURCES/0030-ssh-fix-matching-rules-default.patch
deleted file mode 100644
index ec3e047..0000000
--- a/SOURCES/0030-ssh-fix-matching-rules-default.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-From 6f7f15691b071cefd4e04a9fee44af580b6c502b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Mon, 9 Mar 2020 13:39:47 +0100
-Subject: [PATCH] ssh: fix matching rules default
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Before the ssh_use_certificate_matching_rules option was added the ssh
-responder returned ssh keys derived from all valid certificates. Since
-the default of the ssh_use_certificate_matching_rules option is
-'all_rules' in a case where no matching rules are defined all
-certificated will be filtered out and no ssh keys are returned.
-
-The intention of the default was to allow the same same certificates
-which are allowed in the PAM responder for authentication. The missing
-default matching rule which is currently use by the PAM responder if no
-other rules are available is added by this patch.
-
-There might still be a small regression in case certificates without the
-extended key usage (EKU) clientAuth were used for ssh. In this case
-'ssh_use_certificate_matching_rules = no_rules' or a suitable matching
-rule must be added to the configuration.
-
-Related to https://pagure.io/SSSD/sssd/issue/4121
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/man/sssd.conf.5.xml | 9 ++++-
- src/responder/pam/pam_helpers.h | 2 ++
- src/responder/pam/pamsrv_p11.c | 3 +-
- src/responder/ssh/ssh_cmd.c | 30 +++++++++++++----
- src/tests/cmocka/test_ssh_srv.c | 58 +++++++++++++++++++++++++++++++++
- 5 files changed, 93 insertions(+), 9 deletions(-)
-
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index 58383579c..a2567f5ac 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1766,6 +1766,13 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
- will be filtered out and ssh keys will be generated
- from all valid certificates.
- </para>
-+ <para>
-+ If no rules are configured using 'all_rules' will
-+ enable a default rule which enables all
-+ certificates suitable for client authentication.
-+ This is the same behavior as for the PAM responder
-+ if certificate authentication is enabled.
-+ </para>
- <para>
- A non-existing rule name is considered an error.
- If as a result no rule is selected all certificates
-@@ -1773,7 +1780,7 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
- </para>
- <para>
- Default: not set, equivalent to 'all_rules,
-- all found rules are used
-+ all found rules or the default rule are used
- </para>
- </listitem>
- </varlistentry>
-diff --git a/src/responder/pam/pam_helpers.h b/src/responder/pam/pam_helpers.h
-index 614389706..23fd308bb 100644
---- a/src/responder/pam/pam_helpers.h
-+++ b/src/responder/pam/pam_helpers.h
-@@ -25,6 +25,8 @@
-
- #include "util/util.h"
-
-+#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:<EKU>clientAuth"
-+
- errno_t pam_initgr_cache_set(struct tevent_context *ev,
- hash_table_t *id_table,
- char *name,
-diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
-index 0dc53a826..8e276b200 100644
---- a/src/responder/pam/pamsrv_p11.c
-+++ b/src/responder/pam/pamsrv_p11.c
-@@ -26,13 +26,12 @@
- #include "util/child_common.h"
- #include "util/strtonum.h"
- #include "responder/pam/pamsrv.h"
-+#include "responder/pam/pam_helpers.h"
- #include "lib/certmap/sss_certmap.h"
- #include "util/crypto/sss_crypto.h"
- #include "db/sysdb.h"
-
-
--#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:<EKU>clientAuth"
--
- struct cert_auth_info {
- char *cert;
- char *token_name;
-diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c
-index e42e29bfd..a593c904f 100644
---- a/src/responder/ssh/ssh_cmd.c
-+++ b/src/responder/ssh/ssh_cmd.c
-@@ -29,6 +29,7 @@
- #include "responder/common/responder.h"
- #include "responder/common/cache_req/cache_req.h"
- #include "responder/ssh/ssh_private.h"
-+#include "responder/pam/pam_helpers.h"
- #include "lib/certmap/sss_certmap.h"
-
- struct ssh_cmd_ctx {
-@@ -159,6 +160,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
- bool rule_added;
- bool all_rules = false;
- bool no_rules = false;
-+ bool rules_present = false;
-
- ssh_ctx->cert_rules_error = false;
-
-@@ -195,6 +197,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
- }
-
- for (c = 0; certmap_list[c] != NULL; c++) {
-+ rules_present = true;
-
- if (!all_rules && !string_in_list(certmap_list[c]->name,
- ssh_ctx->cert_rules, true)) {
-@@ -227,12 +230,27 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
- }
-
- if (!rule_added) {
-- DEBUG(SSSDBG_CONF_SETTINGS,
-- "No matching rule added, please check "
-- "ssh_use_certificate_matching_rules option values for typos .\n");
--
-- ret = EINVAL;
-- goto done;
-+ if (!rules_present) {
-+ DEBUG(SSSDBG_TRACE_FUNC,
-+ "No rules available, trying to add default matching rule.\n");
-+ ret = sss_certmap_add_rule(sss_certmap_ctx, SSS_CERTMAP_MIN_PRIO,
-+ CERT_AUTH_DEFAULT_MATCHING_RULE,
-+ NULL, NULL);
-+ if (ret != 0) {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ "Failed to add default matching rule [%d][%s].\n",
-+ ret, sss_strerror(ret));
-+ goto done;
-+ }
-+ } else {
-+ DEBUG(SSSDBG_CONF_SETTINGS,
-+ "No matching rule added, please check "
-+ "ssh_use_certificate_matching_rules option values for "
-+ "typos.\n");
-+
-+ ret = EINVAL;
-+ goto done;
-+ }
- }
-
- ret = EOK;
-diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c
-index fc43663a7..a48013416 100644
---- a/src/tests/cmocka/test_ssh_srv.c
-+++ b/src/tests/cmocka/test_ssh_srv.c
-@@ -769,6 +769,62 @@ void test_ssh_user_pubkey_cert_with_all_rules(void **state)
- assert_int_equal(ret, EOK);
- }
-
-+void test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present(void **state)
-+{
-+ int ret;
-+ struct sysdb_attrs *attrs;
-+ /* Both rules are enabled, both certificates should be handled. */
-+ const char *rule_list[] = { "all_rules", NULL };
-+
-+ attrs = sysdb_new_attrs(ssh_test_ctx);
-+ assert_non_null(attrs);
-+ ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY);
-+ assert_int_equal(ret, EOK);
-+ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+ SSSD_TEST_CERT_0001);
-+ assert_int_equal(ret, EOK);
-+ ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+ SSSD_TEST_CERT_0002);
-+ assert_int_equal(ret, EOK);
-+
-+ ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom,
-+ ssh_test_ctx->ssh_user_fqdn,
-+ attrs,
-+ LDB_FLAG_MOD_ADD);
-+ talloc_free(attrs);
-+ assert_int_equal(ret, EOK);
-+
-+ mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn);
-+ will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+ will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+
-+ /* Enable certificate support */
-+ ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-+ ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = NULL;
-+ ssh_test_ctx->ssh_ctx->certmap_last_read = 0;
-+ ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1;
-+ ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list);
-+#ifdef HAVE_NSS
-+ ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR
-+ "/src/tests/test_CA/p11_nssdb");
-+#else
-+ ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR
-+ "/src/tests/test_CA/SSSD_test_CA.pem");
-+#endif
-+
-+ set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+ ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-+ ssh_test_ctx->ssh_cmds);
-+ assert_int_equal(ret, EOK);
-+
-+ /* Wait until the test finishes with EOK */
-+ ret = test_ev_loop(ssh_test_ctx->tctx);
-+ assert_int_equal(ret, EOK);
-+}
-+
- void test_ssh_user_pubkey_cert_with_no_rules(void **state)
- {
- int ret;
-@@ -966,6 +1022,8 @@ int main(int argc, const char *argv[])
- ssh_test_setup, ssh_test_teardown),
- cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules,
- ssh_test_setup, ssh_test_teardown),
-+ cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present,
-+ ssh_test_setup, ssh_test_teardown),
- cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules,
- ssh_test_setup, ssh_test_teardown),
- cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name,
---
-2.21.1
-
diff --git a/SOURCES/0031-NSS-enhanced-debug-during-mem-cache-initialization.patch b/SOURCES/0031-NSS-enhanced-debug-during-mem-cache-initialization.patch
new file mode 100644
index 0000000..270f768
--- /dev/null
+++ b/SOURCES/0031-NSS-enhanced-debug-during-mem-cache-initialization.patch
@@ -0,0 +1,101 @@
+From be8052bbb61c572702fe16e2850539f445dcc0e2 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 4 Mar 2020 22:13:52 +0100
+Subject: [PATCH 31/35] NSS: enhanced debug during mem-cache initialization
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nsssrv.c | 39 ++++++++++++++++++++++++++++++++------
+ 1 file changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 0a201d3ae..42a63d9bb 100644
+--- a/src/responder/nss/nsssrv.c
++++ b/src/responder/nss/nsssrv.c
+@@ -255,7 +255,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ &mc_size_passwd);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+- "Failed to get 'memcache_size_passwd' option from confdb.\n");
++ "Failed to get '"CONFDB_NSS_MEMCACHE_SIZE_PASSWD
++ "' option from confdb.\n");
+ return ret;
+ }
+
+@@ -266,7 +267,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ &mc_size_group);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+- "Failed to get 'memcache_size_group' option from confdb.\n");
++ "Failed to get '"CONFDB_NSS_MEMCACHE_SIZE_GROUP
++ "' option from confdb.\n");
+ return ret;
+ }
+
+@@ -277,7 +279,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ &mc_size_initgroups);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+- "Failed to get 'memcache_size_nitgroups' option from confdb.\n");
++ "Failed to get '"CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS
++ "' option from confdb.\n");
+ return ret;
+ }
+
+@@ -291,8 +294,16 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ (time_t)memcache_timeout,
+ &nctx->pwd_mc_ctx);
+ if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to initialize passwd mmap cache: '%s'\n",
++ sss_strerror(ret));
++ } else {
++ DEBUG(SSSDBG_CONF_SETTINGS, "Passwd mmap cache size is %d\n",
++ mc_size_passwd);
+ }
++ } else {
++ DEBUG(SSSDBG_IMPORTANT_INFO,
++ "Passwd mmap cache is explicitly DISABLED\n");
+ }
+
+ if (mc_size_group != 0) {
+@@ -303,8 +314,16 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ (time_t)memcache_timeout,
+ &nctx->grp_mc_ctx);
+ if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to initialize group mmap cache: '%s'\n",
++ sss_strerror(ret));
++ } else {
++ DEBUG(SSSDBG_CONF_SETTINGS, "Group mmap cache size is %d\n",
++ mc_size_group);
+ }
++ } else {
++ DEBUG(SSSDBG_IMPORTANT_INFO,
++ "Group mmap cache is explicitly DISABLED\n");
+ }
+
+ if (mc_size_initgroups != 0) {
+@@ -315,8 +334,16 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ (time_t)memcache_timeout,
+ &nctx->initgr_mc_ctx);
+ if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to initialize initgroups mmap cache: '%s'\n",
++ sss_strerror(ret));
++ } else {
++ DEBUG(SSSDBG_CONF_SETTINGS, "Initgroups mmap cache size is %d\n",
++ mc_size_initgroups);
+ }
++ } else {
++ DEBUG(SSSDBG_IMPORTANT_INFO,
++ "Initgroups mmap cache is explicitly DISABLED\n");
+ }
+
+ return EOK;
+--
+2.21.3
+
diff --git a/SOURCES/0032-mem-cache-added-log-message-in-case-cache-is-full.patch b/SOURCES/0032-mem-cache-added-log-message-in-case-cache-is-full.patch
new file mode 100644
index 0000000..e46c6e1
--- /dev/null
+++ b/SOURCES/0032-mem-cache-added-log-message-in-case-cache-is-full.patch
@@ -0,0 +1,53 @@
+From 2ad4aa8f265e02d01f77e5d29d8377d849c78d11 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 4 Mar 2020 22:33:17 +0100
+Subject: [PATCH 32/35] mem-cache: added log message in case cache is full
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nsssrv_mmap_cache.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
+index 5e23bbe6f..23df164da 100644
+--- a/src/responder/nss/nsssrv_mmap_cache.c
++++ b/src/responder/nss/nsssrv_mmap_cache.c
+@@ -371,6 +371,20 @@ static bool sss_mc_is_valid_rec(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec)
+ return true;
+ }
+
++static const char *mc_type_to_str(enum sss_mc_type type)
++{
++ switch (type) {
++ case SSS_MC_PASSWD:
++ return "PASSWD";
++ case SSS_MC_GROUP:
++ return "GROUP";
++ case SSS_MC_INITGROUPS:
++ return "INITGROUPS";
++ default:
++ return "-UNKNOWN-";
++ }
++}
++
+ /* FIXME: This is a very simplistic, inefficient, memory allocator,
+ * it will just free the oldest entries regardless of expiration if it
+ * cycled the whole free bits map and found no empty slot */
+@@ -438,6 +452,14 @@ static errno_t sss_mc_find_free_slots(struct sss_mc_ctx *mcc,
+ } else {
+ cur = mcc->next_slot;
+ }
++ if (cur == 0) {
++ /* inform only once per full loop to avoid excessive spam */
++ DEBUG(SSSDBG_IMPORTANT_INFO, "mmap cache of type '%s' is full\n",
++ mc_type_to_str(mcc->type));
++ sss_log(SSS_LOG_NOTICE, "mmap cache of type '%s' is full, if you see "
++ "this message often then please consider increase of cache size",
++ mc_type_to_str(mcc->type));
++ }
+ for (i = 0; i < num_slots; i++) {
+ MC_PROBE_BIT(mcc->free_table, cur + i, used);
+ if (used) {
+--
+2.21.3
+
diff --git a/SOURCES/0033-NSS-make-memcache-size-configurable-in-megabytes.patch b/SOURCES/0033-NSS-make-memcache-size-configurable-in-megabytes.patch
new file mode 100644
index 0000000..ba3365f
--- /dev/null
+++ b/SOURCES/0033-NSS-make-memcache-size-configurable-in-megabytes.patch
@@ -0,0 +1,189 @@
+From b7f31936e21b109b5446c48513619cd87974be54 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 31 Mar 2020 22:57:25 +0200
+Subject: [PATCH 33/35] NSS: make memcache size configurable in megabytes
+
+Memcache size was made configurable in megabytes and not in slots
+to hide internal implementation from users.
+
+Relates: https://github.com/SSSD/sssd/issues/5115
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/config/SSSDConfig/sssdoptions.py | 6 ++---
+ src/man/sssd.conf.5.xml | 33 +++++++++++++---------------
+ src/responder/nss/nsssrv.c | 20 +++++++++--------
+ 3 files changed, 29 insertions(+), 30 deletions(-)
+
+diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
+index 16d85cfa3..f57ad4b41 100644
+--- a/src/config/SSSDConfig/sssdoptions.py
++++ b/src/config/SSSDConfig/sssdoptions.py
+@@ -72,9 +72,9 @@ class SSSDOptions(object):
+ 'shell_fallback': _('If a shell stored in central directory is allowed but not available, use this fallback'),
+ 'default_shell': _('Shell to use if the provider does not list one'),
+ 'memcache_timeout': _('How long will be in-memory cache records valid'),
+- 'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'),
+- 'memcache_size_group': _('Number of slots in fast in-memory cache for group requests'),
+- 'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'),
++ 'memcache_size_passwd': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for passwd requests'),
++ 'memcache_size_group': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for group requests'),
++ 'memcache_size_initgroups': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for initgroups requests'),
+ 'homedir_substring': _('The value of this option will be used in the expansion of the override_homedir option '
+ 'if the template contains the format string %H.'),
+ 'get_domains_timeout': _('Specifies time in seconds for which the list of subdomains will be considered '
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index 9bc2e26e5..874a09c49 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -1076,7 +1076,7 @@ fallback_homedir = /home/%u
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+- <term>memcache_timeout (int)</term>
++ <term>memcache_timeout (integer)</term>
+ <listitem>
+ <para>
+ Specifies time in seconds for which records
+@@ -1104,14 +1104,13 @@ fallback_homedir = /home/%u
+ <term>memcache_size_passwd (integer)</term>
+ <listitem>
+ <para>
+- Number of slots allocated inside fast in-memory
+- cache for passwd requests. Note that one entry
+- in fast in-memory cache can occupy more than one slot.
+- Setting the size to 0 will disable the passwd in-memory
+- cache.
++ Size (in megabytes) of the data table allocated inside
++ fast in-memory cache for passwd requests.
++ Setting the size to 0 will disable the passwd
++ in-memory cache.
+ </para>
+ <para>
+- Default: 200000
++ Default: 8
+ </para>
+ <para>
+ WARNING: Disabled or too small in-memory cache can
+@@ -1130,14 +1129,13 @@ fallback_homedir = /home/%u
+ <term>memcache_size_group (integer)</term>
+ <listitem>
+ <para>
+- Number of slots allocated inside fast in-memory
+- cache for group requests. Note that one entry
+- in fast in-memory cache can occupy more than one
+- slot. Setting the size to 0 will disable the group
++ Size (in megabytes) of the data table allocated inside
++ fast in-memory cache for group requests.
++ Setting the size to 0 will disable the group
+ in-memory cache.
+ </para>
+ <para>
+- Default: 150000
++ Default: 6
+ </para>
+ <para>
+ WARNING: Disabled or too small in-memory cache can
+@@ -1156,14 +1154,13 @@ fallback_homedir = /home/%u
+ <term>memcache_size_initgroups (integer)</term>
+ <listitem>
+ <para>
+- Number of slots allocated inside fast in-memory
+- cache for initgroups requests. Note that one entry
+- in fast in-memory cache can occupy more than one
+- slot. Setting the size to 0 will disable the
+- initgroups in-memory cache.
++ Size (in megabytes) of the data table allocated inside
++ fast in-memory cache for initgroups requests.
++ Setting the size to 0 will disable the initgroups
++ in-memory cache.
+ </para>
+ <para>
+- Default: 250000
++ Default: 10
+ </para>
+ <para>
+ WARNING: Disabled or too small in-memory cache can
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 42a63d9bb..741e94aaa 100644
+--- a/src/responder/nss/nsssrv.c
++++ b/src/responder/nss/nsssrv.c
+@@ -34,6 +34,7 @@
+
+ #include "util/util.h"
+ #include "util/sss_ptr_hash.h"
++#include "util/mmap_cache.h"
+ #include "responder/nss/nss_private.h"
+ #include "responder/nss/nss_iface.h"
+ #include "responder/nss/nsssrv_mmap_cache.h"
+@@ -210,9 +211,10 @@ done:
+ static int setup_memcaches(struct nss_ctx *nctx)
+ {
+ /* Default memcache sizes */
+- static const size_t SSS_MC_CACHE_PASSWD_SLOTS = 200000; /* 8mb */
+- static const size_t SSS_MC_CACHE_GROUP_SLOTS = 150000; /* 6mb */
+- static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000; /* 10mb */
++ static const size_t SSS_MC_CACHE_SLOTS_PER_MB = 1024*1024/MC_SLOT_SIZE;
++ static const size_t SSS_MC_CACHE_PASSWD_SIZE = 8;
++ static const size_t SSS_MC_CACHE_GROUP_SIZE = 6;
++ static const size_t SSS_MC_CACHE_INITGROUP_SIZE = 10;
+
+ int ret;
+ int memcache_timeout;
+@@ -251,7 +253,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = confdb_get_int(nctx->rctx->cdb,
+ CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_MEMCACHE_SIZE_PASSWD,
+- SSS_MC_CACHE_PASSWD_SLOTS,
++ SSS_MC_CACHE_PASSWD_SIZE,
+ &mc_size_passwd);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+@@ -263,7 +265,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = confdb_get_int(nctx->rctx->cdb,
+ CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_MEMCACHE_SIZE_GROUP,
+- SSS_MC_CACHE_GROUP_SLOTS,
++ SSS_MC_CACHE_GROUP_SIZE,
+ &mc_size_group);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+@@ -275,7 +277,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = confdb_get_int(nctx->rctx->cdb,
+ CONFDB_NSS_CONF_ENTRY,
+ CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS,
+- SSS_MC_CACHE_INITGROUP_SLOTS,
++ SSS_MC_CACHE_INITGROUP_SIZE,
+ &mc_size_initgroups);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+@@ -290,7 +292,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = sss_mmap_cache_init(nctx, "passwd",
+ nctx->mc_uid, nctx->mc_gid,
+ SSS_MC_PASSWD,
+- mc_size_passwd,
++ mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
+ (time_t)memcache_timeout,
+ &nctx->pwd_mc_ctx);
+ if (ret) {
+@@ -310,7 +312,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = sss_mmap_cache_init(nctx, "group",
+ nctx->mc_uid, nctx->mc_gid,
+ SSS_MC_GROUP,
+- mc_size_group,
++ mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
+ (time_t)memcache_timeout,
+ &nctx->grp_mc_ctx);
+ if (ret) {
+@@ -330,7 +332,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ ret = sss_mmap_cache_init(nctx, "initgroups",
+ nctx->mc_uid, nctx->mc_gid,
+ SSS_MC_INITGROUPS,
+- mc_size_initgroups,
++ mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
+ (time_t)memcache_timeout,
+ &nctx->initgr_mc_ctx);
+ if (ret) {
+--
+2.21.3
+
diff --git a/SOURCES/0034-mem-cache-comment-added.patch b/SOURCES/0034-mem-cache-comment-added.patch
new file mode 100644
index 0000000..05404fb
--- /dev/null
+++ b/SOURCES/0034-mem-cache-comment-added.patch
@@ -0,0 +1,38 @@
+From b96b05bc40757b26f177e4093d7f4f5b96a0f7d0 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 3 Jul 2020 18:45:11 +0200
+Subject: [PATCH 34/35] mem-cache: comment added
+
+Added comment explaining usage of `mcc->next_slot`
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nsssrv_mmap_cache.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
+index 23df164da..71919e4ac 100644
+--- a/src/responder/nss/nsssrv_mmap_cache.c
++++ b/src/responder/nss/nsssrv_mmap_cache.c
+@@ -65,7 +65,7 @@ struct sss_mc_ctx {
+
+ uint8_t *free_table; /* free list bitmaps */
+ uint32_t ft_size; /* size of free table */
+- uint32_t next_slot; /* the next slot after last allocation */
++ uint32_t next_slot; /* the next slot after last allocation done via erasure */
+
+ uint8_t *data_table; /* data table address (in mmap) */
+ uint32_t dt_size; /* size of data table */
+@@ -442,6 +442,9 @@ static errno_t sss_mc_find_free_slots(struct sss_mc_ctx *mcc,
+ if (cur == t) {
+ /* ok found num_slots consecutive free bits */
+ *free_slot = cur - num_slots;
++ /* `mcc->next_slot` is not updated here intentionally.
++ * For details see discussion in https://github.com/SSSD/sssd/pull/999
++ */
+ return EOK;
+ }
+ }
+--
+2.21.3
+
diff --git a/SOURCES/0035-mem-cache-always-cleanup-old-content.patch b/SOURCES/0035-mem-cache-always-cleanup-old-content.patch
new file mode 100644
index 0000000..af2e7ca
--- /dev/null
+++ b/SOURCES/0035-mem-cache-always-cleanup-old-content.patch
@@ -0,0 +1,262 @@
+From 484507bf20d27afd700d52c67651e6f08d1da1a3 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 8 Jul 2020 11:34:12 +0200
+Subject: [PATCH 35/35] mem-cache: always cleanup old content
+
+(Try to) cleanup old files even if currently mem-cache is disabled.
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nsssrv.c | 98 ++++++++++-----------------
+ src/responder/nss/nsssrv_mmap_cache.c | 74 ++++++++++++--------
+ 2 files changed, 79 insertions(+), 93 deletions(-)
+
+diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
+index 741e94aaa..ffb1ca29d 100644
+--- a/src/responder/nss/nsssrv.c
++++ b/src/responder/nss/nsssrv.c
+@@ -242,12 +242,6 @@ static int setup_memcaches(struct nss_ctx *nctx)
+ return ret;
+ }
+
+- if (memcache_timeout == 0) {
+- DEBUG(SSSDBG_CONF_SETTINGS,
+- "Fast in-memory cache will not be initialized.");
+- return EOK;
+- }
+-
+ /* Get all memcache sizes from confdb (pwd, grp, initgr) */
+
+ ret = confdb_get_int(nctx->rctx->cdb,
+@@ -288,64 +282,40 @@ static int setup_memcaches(struct nss_ctx *nctx)
+
+ /* Initialize the fast in-memory caches if they were not disabled */
+
+- if (mc_size_passwd != 0) {
+- ret = sss_mmap_cache_init(nctx, "passwd",
+- nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_PASSWD,
+- mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
+- (time_t)memcache_timeout,
+- &nctx->pwd_mc_ctx);
+- if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE,
+- "Failed to initialize passwd mmap cache: '%s'\n",
+- sss_strerror(ret));
+- } else {
+- DEBUG(SSSDBG_CONF_SETTINGS, "Passwd mmap cache size is %d\n",
+- mc_size_passwd);
+- }
+- } else {
+- DEBUG(SSSDBG_IMPORTANT_INFO,
+- "Passwd mmap cache is explicitly DISABLED\n");
+- }
+-
+- if (mc_size_group != 0) {
+- ret = sss_mmap_cache_init(nctx, "group",
+- nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_GROUP,
+- mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
+- (time_t)memcache_timeout,
+- &nctx->grp_mc_ctx);
+- if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE,
+- "Failed to initialize group mmap cache: '%s'\n",
+- sss_strerror(ret));
+- } else {
+- DEBUG(SSSDBG_CONF_SETTINGS, "Group mmap cache size is %d\n",
+- mc_size_group);
+- }
+- } else {
+- DEBUG(SSSDBG_IMPORTANT_INFO,
+- "Group mmap cache is explicitly DISABLED\n");
+- }
+-
+- if (mc_size_initgroups != 0) {
+- ret = sss_mmap_cache_init(nctx, "initgroups",
+- nctx->mc_uid, nctx->mc_gid,
+- SSS_MC_INITGROUPS,
+- mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
+- (time_t)memcache_timeout,
+- &nctx->initgr_mc_ctx);
+- if (ret) {
+- DEBUG(SSSDBG_CRIT_FAILURE,
+- "Failed to initialize initgroups mmap cache: '%s'\n",
+- sss_strerror(ret));
+- } else {
+- DEBUG(SSSDBG_CONF_SETTINGS, "Initgroups mmap cache size is %d\n",
+- mc_size_initgroups);
+- }
+- } else {
+- DEBUG(SSSDBG_IMPORTANT_INFO,
+- "Initgroups mmap cache is explicitly DISABLED\n");
++ ret = sss_mmap_cache_init(nctx, "passwd",
++ nctx->mc_uid, nctx->mc_gid,
++ SSS_MC_PASSWD,
++ mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
++ (time_t)memcache_timeout,
++ &nctx->pwd_mc_ctx);
++ if (ret) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to initialize passwd mmap cache: '%s'\n",
++ sss_strerror(ret));
++ }
++
++ ret = sss_mmap_cache_init(nctx, "group",
++ nctx->mc_uid, nctx->mc_gid,
++ SSS_MC_GROUP,
++ mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
++ (time_t)memcache_timeout,
++ &nctx->grp_mc_ctx);
++ if (ret) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to initialize group mmap cache: '%s'\n",
++ sss_strerror(ret));
++ }
++
++ ret = sss_mmap_cache_init(nctx, "initgroups",
++ nctx->mc_uid, nctx->mc_gid,
++ SSS_MC_INITGROUPS,
++ mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
++ (time_t)memcache_timeout,
++ &nctx->initgr_mc_ctx);
++ if (ret) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to initialize initgroups mmap cache: '%s'\n",
++ sss_strerror(ret));
+ }
+
+ return EOK;
+diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
+index 71919e4ac..f66e76ce4 100644
+--- a/src/responder/nss/nsssrv_mmap_cache.c
++++ b/src/responder/nss/nsssrv_mmap_cache.c
+@@ -1108,48 +1108,48 @@ static errno_t sss_mc_set_recycled(int fd)
+ return EOK;
+ }
+
+-/*
+- * When we (re)create a new file we must mark the current file as recycled
+- * so active clients will abandon its use ASAP.
+- * We unlink the current file and make a new one.
+- */
+-static errno_t sss_mc_create_file(struct sss_mc_ctx *mc_ctx)
++static void sss_mc_destroy_file(const char *filename)
+ {
+- mode_t old_mask;
++ const useconds_t t = 50000;
++ const int retries = 3;
+ int ofd;
+- int ret, uret;
+- useconds_t t = 50000;
+- int retries = 3;
++ int ret;
+
+- ofd = open(mc_ctx->file, O_RDWR);
++ ofd = open(filename, O_RDWR);
+ if (ofd != -1) {
+ ret = sss_br_lock_file(ofd, 0, 1, retries, t);
+ if (ret != EOK) {
+- DEBUG(SSSDBG_FATAL_FAILURE,
+- "Failed to lock file %s.\n", mc_ctx->file);
++ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to lock file %s.\n", filename);
+ }
+ ret = sss_mc_set_recycled(ofd);
+ if (ret) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to mark mmap file %s as"
+- " recycled: %d(%s)\n",
+- mc_ctx->file, ret, strerror(ret));
++ " recycled: %d (%s)\n",
++ filename, ret, strerror(ret));
+ }
+-
+ close(ofd);
+ } else if (errno != ENOENT) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+- "Failed to open old memory cache file %s: %d(%s).\n",
+- mc_ctx->file, ret, strerror(ret));
++ "Failed to open old memory cache file %s: %d (%s)\n",
++ filename, ret, strerror(ret));
+ }
+
+ errno = 0;
+- ret = unlink(mc_ctx->file);
++ ret = unlink(filename);
+ if (ret == -1 && errno != ENOENT) {
+ ret = errno;
+- DEBUG(SSSDBG_TRACE_FUNC, "Failed to rm mmap file %s: %d(%s)\n",
+- mc_ctx->file, ret, strerror(ret));
++ DEBUG(SSSDBG_TRACE_FUNC, "Failed to delete mmap file %s: %d (%s)\n",
++ filename, ret, strerror(ret));
+ }
++}
++
++static errno_t sss_mc_create_file(struct sss_mc_ctx *mc_ctx)
++{
++ const useconds_t t = 50000;
++ const int retries = 3;
++ mode_t old_mask;
++ int ret, uret;
+
+ /* temporarily relax umask as we need the file to be readable
+ * by everyone for now */
+@@ -1276,9 +1276,32 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
+
+ struct sss_mc_ctx *mc_ctx = NULL;
+ int ret, dret;
++ char *filename;
++
++ filename = talloc_asprintf(mem_ctx, "%s/%s", SSS_NSS_MCACHE_DIR, name);
++ if (!filename) {
++ return ENOMEM;
++ }
++ /*
++ * First of all mark the current file as recycled
++ * and unlink so active clients will abandon its use ASAP
++ */
++ sss_mc_destroy_file(filename);
++
++ if ((timeout == 0) || (n_elem == 0)) {
++ DEBUG(SSSDBG_IMPORTANT_INFO,
++ "Fast '%s' mmap cache is explicitly DISABLED\n",
++ mc_type_to_str(type));
++ *mcc = NULL;
++ return EOK;
++ }
++ DEBUG(SSSDBG_CONF_SETTINGS,
++ "Fast '%s' mmap cache: timeout = %d, slots = %zu\n",
++ mc_type_to_str(type), (int)timeout, n_elem);
+
+ mc_ctx = talloc_zero(mem_ctx, struct sss_mc_ctx);
+ if (!mc_ctx) {
++ talloc_free(filename);
+ return ENOMEM;
+ }
+ mc_ctx->fd = -1;
+@@ -1297,12 +1320,7 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
+
+ mc_ctx->valid_time_slot = timeout;
+
+- mc_ctx->file = talloc_asprintf(mc_ctx, "%s/%s",
+- SSS_NSS_MCACHE_DIR, name);
+- if (!mc_ctx->file) {
+- ret = ENOMEM;
+- goto done;
+- }
++ mc_ctx->file = talloc_steal(mc_ctx, filename);
+
+ /* elements must always be multiple of 8 to make things easier to handle,
+ * so we increase by the necessary amount if they are not a multiple */
+@@ -1320,8 +1338,6 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
+ MC_ALIGN64(mc_ctx->ht_size);
+
+
+- /* for now ALWAYS create a new file on restart */
+-
+ ret = sss_mc_create_file(mc_ctx);
+ if (ret) {
+ goto done;
+--
+2.21.3
+
diff --git a/SOURCES/0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch b/SOURCES/0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch
new file mode 100644
index 0000000..0623a83
--- /dev/null
+++ b/SOURCES/0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch
@@ -0,0 +1,16083 @@
+From 4fd05180b4c47a4ba6b23b2b82aa7b9589989f61 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Thu, 18 Jun 2020 11:52:01 +0200
+Subject: [PATCH] TRANSLATIONS: updated translations to include new source file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some translations were previously missed when some code moved
+to a new source file `src/config/SSSDConfig/sssdoptions.py`
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ po/fr.po | 4831 +++++++++++++++++++++++++++++----------------------
+ po/ja.po | 4392 ++++++++++++++++++++++++++--------------------
+ po/sssd.pot | 1862 +++++++++++++++++++-
+ po/zh_CN.po | 2538 +++++++++++++++++++++++----
+ 4 files changed, 9195 insertions(+), 4428 deletions(-)
+
+diff --git a/po/fr.po b/po/fr.po
+index 2dad196a1..198c757e8 100644
+--- a/po/fr.po
++++ b/po/fr.po
+@@ -15,2726 +15,3351 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+-"POT-Creation-Date: 2020-05-19 12:05+0200\n"
+-"PO-Revision-Date: 2020-05-19 10:07+0000\n"
+-"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
+-"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
+-"fr/)\n"
+-"Language: fr\n"
++"POT-Creation-Date: 2020-06-17 22:51+0200\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"PO-Revision-Date: 2020-05-19 10:07+0000\n"
++"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
++"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/fr/"
++")\n"
++"Language: fr\n"
+ "Plural-Forms: nplurals=2; plural=(n > 1);\n"
+ "X-Generator: Zanata 4.6.2\n"
+
+-#: src/monitor/monitor.c:2371
+-msgid "Become a daemon (default)"
+-msgstr "Devenir un démon (par défaut)"
++#: src/config/SSSDConfig/sssdoptions.py:20
++#: src/config/SSSDConfig/sssdoptions.py:21
++msgid "Set the verbosity of the debug logging"
++msgstr "Définir le niveau de détails de la sortie de débogage"
+
+-#: src/monitor/monitor.c:2373
+-msgid "Run interactive (not a daemon)"
+-msgstr "Fonctionner en interactif (non démon)"
++#: src/config/SSSDConfig/sssdoptions.py:22
++msgid "Include timestamps in debug logs"
++msgstr "Ajouter l'horodatage dans les fichiers de débogage"
+
+-#: src/monitor/monitor.c:2376
+-msgid "Disable netlink interface"
+-msgstr "Désactiver l'interface netlink"
++#: src/config/SSSDConfig/sssdoptions.py:23
++msgid "Include microseconds in timestamps in debug logs"
++msgstr ""
++"Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
+
+-#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
+-msgid "Specify a non-default config file"
+-msgstr "Définir un fichier de configuration différent de celui par défaut"
++#: src/config/SSSDConfig/sssdoptions.py:24
++msgid "Write debug messages to logfiles"
++msgstr "Écrire les messages de débogage dans les journaux"
+
+-#: src/monitor/monitor.c:2380
+-msgid "Refresh the configuration database, then exit"
+-msgstr "Rafraîchissez la base de données de configuration, puis quittez"
++#: src/config/SSSDConfig/sssdoptions.py:25
++msgid "Watchdog timeout before restarting service"
++msgstr "Délai de surveillance avant le redémarrage du service"
+
+-#: src/monitor/monitor.c:2383
+-msgid "Similar to --genconf, but only refreshes the given section"
+-msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée"
++#: src/config/SSSDConfig/sssdoptions.py:26
++msgid "Command to start service"
++msgstr "Commande pour démarrer le service"
+
+-#: src/monitor/monitor.c:2386
+-msgid "Print version number and exit"
+-msgstr "Afficher le numéro de version et quitte"
++#: src/config/SSSDConfig/sssdoptions.py:27
++msgid "Number of times to attempt connection to Data Providers"
++msgstr "Nombre d'essais pour tenter de se connecter au fournisseur de données"
+
+-#: src/monitor/monitor.c:2532
+-msgid "SSSD is already running\n"
+-msgstr "SSSD est déjà en cours d'exécution\n"
++#: src/config/SSSDConfig/sssdoptions.py:28
++msgid "The number of file descriptors that may be opened by this responder"
++msgstr ""
++"Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
++"répondeur"
+
+-#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
+-msgid "Debug level"
+-msgstr "Niveau de débogage"
++#: src/config/SSSDConfig/sssdoptions.py:29
++msgid "Idle time before automatic disconnection of a client"
++msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
+
+-#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
+-msgid "Add debug timestamps"
+-msgstr "Ajouter l'horodatage au débogage"
++#: src/config/SSSDConfig/sssdoptions.py:30
++msgid "Idle time before automatic shutdown of the responder"
++msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur"
+
+-#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
+-msgid "Show timestamps with microseconds"
+-msgstr "Afficher l'horodatage en microsecondes"
++#: src/config/SSSDConfig/sssdoptions.py:31
++msgid "Always query all the caches before querying the Data Providers"
++msgstr ""
++"Interrogez toujours tous les caches avant d'interroger les fournisseurs de "
++"données"
+
+-#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
+-msgid "An open file descriptor for the debug logs"
+-msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
++#: src/config/SSSDConfig/sssdoptions.py:32
++msgid ""
++"When SSSD switches to offline mode the amount of time before it tries to go "
++"back online will increase based upon the time spent disconnected. This value "
++"is in seconds and calculated by the following: offline_timeout + "
++"random_offset."
++msgstr ""
+
+-#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
+-msgid "Send the debug output to stderr directly."
+-msgstr "Envoyer la sortie de débogage directement vers l'erreur standard."
++#: src/config/SSSDConfig/sssdoptions.py:38
++msgid ""
++"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
++"version 2."
++msgstr ""
+
+-#: src/providers/krb5/krb5_child.c:3245
+-msgid "The user to create FAST ccache as"
+-msgstr "L'utilisateur à utiliser pour la création du ccache FAST"
++#: src/config/SSSDConfig/sssdoptions.py:39
++msgid "SSSD Services to start"
++msgstr "Services SSSD à démarrer"
+
+-#: src/providers/krb5/krb5_child.c:3247
+-msgid "The group to create FAST ccache as"
+-msgstr "Le groupe à utiliser pour la création du ccache FAST"
++#: src/config/SSSDConfig/sssdoptions.py:40
++msgid "SSSD Domains to start"
++msgstr "Domaines SSSD à démarrer"
+
+-#: src/providers/krb5/krb5_child.c:3249
+-msgid "Kerberos realm to use"
+-msgstr "Domaine Kerberos à utiliser"
++#: src/config/SSSDConfig/sssdoptions.py:41
++msgid "Timeout for messages sent over the SBUS"
++msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
+
+-#: src/providers/krb5/krb5_child.c:3251
+-msgid "Requested lifetime of the ticket"
+-msgstr "Demande de renouvellement à vie du billet"
++#: src/config/SSSDConfig/sssdoptions.py:42
++msgid "Regex to parse username and domain"
++msgstr "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
+
+-#: src/providers/krb5/krb5_child.c:3253
+-msgid "Requested renewable lifetime of the ticket"
+-msgstr "Demande de renouvellement à vie du billet"
++#: src/config/SSSDConfig/sssdoptions.py:43
++msgid "Printf-compatible format for displaying fully-qualified names"
++msgstr "Format compatible printf d'affichage des noms complétement qualifiés"
+
+-#: src/providers/krb5/krb5_child.c:3255
+-msgid "FAST options ('never', 'try', 'demand')"
+-msgstr "Options FAST ('never', 'try', 'demand')"
++#: src/config/SSSDConfig/sssdoptions.py:44
++msgid ""
++"Directory on the filesystem where SSSD should store Kerberos replay cache "
++"files."
++msgstr ""
++"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
++"relecture de Kerberos."
+
+-#: src/providers/krb5/krb5_child.c:3258
+-msgid "Specifies the server principal to use for FAST"
+-msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
++#: src/config/SSSDConfig/sssdoptions.py:45
++msgid "Domain to add to names without a domain component."
++msgstr "Domaine à ajouter aux noms sans composant de nom de domaine."
+
+-#: src/providers/krb5/krb5_child.c:3260
+-msgid "Requests canonicalization of the principal name"
+-msgstr "Demande la canonisation du nom principal"
++#: src/config/SSSDConfig/sssdoptions.py:46
++msgid "The user to drop privileges to"
++msgstr "L'utilisation vers lequel abandonner les privilèges"
+
+-#: src/providers/krb5/krb5_child.c:3262
+-msgid "Use custom version of krb5_get_init_creds_password"
+-msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
++#: src/config/SSSDConfig/sssdoptions.py:47
++msgid "Tune certificate verification"
++msgstr "Régler la vérification du certificat"
+
+-#: src/providers/data_provider_be.c:674
+-msgid "Domain of the information provider (mandatory)"
+-msgstr "Domaine du fournisseur d'informations (obligatoire)"
++#: src/config/SSSDConfig/sssdoptions.py:48
++msgid "All spaces in group or user names will be replaced with this character"
++msgstr ""
++"Tous les espaces dans les noms de groupes ou d'utilisateurs seront remplacés "
++"par ce caractère"
+
+-#: src/sss_client/common.c:1079
+-msgid "Privileged socket has wrong ownership or permissions."
++#: src/config/SSSDConfig/sssdoptions.py:49
++msgid "Tune sssd to honor or ignore netlink state changes"
++msgstr "Régler sssd pour honorer ou ignorer les changements d'état du netlink"
++
++#: src/config/SSSDConfig/sssdoptions.py:50
++msgid "Enable or disable the implicit files domain"
++msgstr "Activer ou désactiver le domaine des fichiers implicites"
++
++#: src/config/SSSDConfig/sssdoptions.py:51
++msgid "A specific order of the domains to be looked up"
++msgstr "Un ordre spécifique des domaines à rechercher"
++
++#: src/config/SSSDConfig/sssdoptions.py:52
++msgid ""
++"Controls if SSSD should monitor the state of resolv.conf to identify when it "
++"needs to update its internal DNS resolver."
+ msgstr ""
+-"Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire."
+
+-#: src/sss_client/common.c:1082
+-msgid "Public socket has wrong ownership or permissions."
++#: src/config/SSSDConfig/sssdoptions.py:54
++msgid ""
++"SSSD monitors the state of resolv.conf to identify when it needs to update "
++"its internal DNS resolver. By default, we will attempt to use inotify for "
++"this, and will fall back to polling resolv.conf every five seconds if "
++"inotify cannot be used."
+ msgstr ""
+-"Le socket public a de mauvaises permissions ou un mauvais propriétaire."
+
+-#: src/sss_client/common.c:1085
+-msgid "Unexpected format of the server credential message."
+-msgstr "Le message du serveur de crédits a un format inattendu."
++#: src/config/SSSDConfig/sssdoptions.py:59
++msgid "Enumeration cache timeout length (seconds)"
++msgstr "Délai d'attente du cache d'énumération (en secondes)"
+
+-#: src/sss_client/common.c:1088
+-msgid "SSSD is not run by root."
+-msgstr "SSSD n'est pas démarré par root."
++#: src/config/SSSDConfig/sssdoptions.py:60
++msgid "Entry cache background update timeout length (seconds)"
++msgstr ""
++"Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
++"secondes)"
+
+-#: src/sss_client/common.c:1091
+-msgid "SSSD socket does not exist."
+-msgstr "La socket SSSD n'existe pas."
++#: src/config/SSSDConfig/sssdoptions.py:61
++#: src/config/SSSDConfig/sssdoptions.py:112
++msgid "Negative cache timeout length (seconds)"
++msgstr "Délai d'attente du cache négatif (en secondes)"
+
+-#: src/sss_client/common.c:1094
+-msgid "Cannot get stat of SSSD socket."
+-msgstr "Impossible d'obtenir le stat du socket SSSD."
++#: src/config/SSSDConfig/sssdoptions.py:62
++msgid "Files negative cache timeout length (seconds)"
++msgstr "Délai d'attente du cache négatif (en secondes)"
+
+-#: src/sss_client/common.c:1099
+-msgid "An error occurred, but no description can be found."
+-msgstr "Une erreur est survenue mais aucune description n'est trouvée."
++#: src/config/SSSDConfig/sssdoptions.py:63
++msgid "Users that SSSD should explicitly ignore"
++msgstr "Utilisateurs que SSSD doit explicitement ignorer"
+
+-#: src/sss_client/common.c:1105
+-msgid "Unexpected error while looking for an error description"
+-msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
++#: src/config/SSSDConfig/sssdoptions.py:64
++msgid "Groups that SSSD should explicitly ignore"
++msgstr "Groupes que SSSD doit explicitement ignorer"
+
+-#: src/sss_client/pam_sss.c:68
+-msgid "Permission denied. "
+-msgstr "Accès refusé."
++#: src/config/SSSDConfig/sssdoptions.py:65
++msgid "Should filtered users appear in groups"
++msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
+
+-#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
+-#: src/sss_client/pam_sss.c:790
+-msgid "Server message: "
+-msgstr "Message du serveur : "
++#: src/config/SSSDConfig/sssdoptions.py:66
++msgid "The value of the password field the NSS provider should return"
++msgstr "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
+
+-#: src/sss_client/pam_sss.c:297
+-msgid "Passwords do not match"
+-msgstr "Les mots de passe ne correspondent pas"
++#: src/config/SSSDConfig/sssdoptions.py:67
++msgid "Override homedir value from the identity provider with this value"
++msgstr ""
++"Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
++"fournisseur d'identité"
+
+-#: src/sss_client/pam_sss.c:485
+-msgid "Password reset by root is not supported."
++#: src/config/SSSDConfig/sssdoptions.py:68
++msgid ""
++"Substitute empty homedir value from the identity provider with this value"
+ msgstr ""
+-"La réinitialisation du mot de passe par root n'est pas prise en charge."
++"Substitution de la valeur homedir vide du fournisseur d'identité avec cette "
++"valeur"
+
+-#: src/sss_client/pam_sss.c:526
+-msgid "Authenticated with cached credentials"
+-msgstr "Authentifié avec les crédits mis en cache"
++#: src/config/SSSDConfig/sssdoptions.py:69
++msgid "Override shell value from the identity provider with this value"
++msgstr ""
++"Écraser le shell donné par le fournisseur d'identité avec cette valeur"
+
+-#: src/sss_client/pam_sss.c:527
+-msgid ", your cached password will expire at: "
+-msgstr ", votre mot de passe en cache expirera à :"
++#: src/config/SSSDConfig/sssdoptions.py:70
++msgid "The list of shells users are allowed to log in with"
++msgstr ""
++"Liste des interpréteurs de commandes utilisateurs autorisés pour se "
++"connecter"
+
+-#: src/sss_client/pam_sss.c:557
+-#, c-format
+-msgid "Your password has expired. You have %1$d grace login(s) remaining."
++#: src/config/SSSDConfig/sssdoptions.py:71
++msgid ""
++"The list of shells that will be vetoed, and replaced with the fallback shell"
+ msgstr ""
+-"Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)."
++"Liste des interpréteurs de commandes bannis et remplacés par celui par "
++"défaut"
+
+-#: src/sss_client/pam_sss.c:603
+-#, c-format
+-msgid "Your password will expire in %1$d %2$s."
+-msgstr "Votre mot de passe expirera dans %1$d %2$s."
++#: src/config/SSSDConfig/sssdoptions.py:72
++msgid ""
++"If a shell stored in central directory is allowed but not available, use "
++"this fallback"
++msgstr ""
++"Si un interpréteur de commandes stocké dans l'annuaire central est autorisé "
++"mais indisponible, utiliser à défaut celui-ci"
+
+-#: src/sss_client/pam_sss.c:652
+-msgid "Authentication is denied until: "
+-msgstr "L'authentification est refusée jusque :"
++#: src/config/SSSDConfig/sssdoptions.py:73
++msgid "Shell to use if the provider does not list one"
++msgstr "Shell à utiliser si le fournisseur n'en propose aucun"
+
+-#: src/sss_client/pam_sss.c:673
+-msgid "System is offline, password change not possible"
++#: src/config/SSSDConfig/sssdoptions.py:74
++msgid "How long will be in-memory cache records valid"
++msgstr "Durée de maintien en cache des enregistrements valides"
++
++#: src/config/SSSDConfig/sssdoptions.py:75
++msgid ""
++"The value of this option will be used in the expansion of the "
++"override_homedir option if the template contains the format string %H."
+ msgstr ""
+-"Le système est hors-ligne, les modifications du mot de passe sont impossibles"
+
+-#: src/sss_client/pam_sss.c:688
++#: src/config/SSSDConfig/sssdoptions.py:77
+ msgid ""
+-"After changing the OTP password, you need to log out and back in order to "
+-"acquire a ticket"
++"Specifies time in seconds for which the list of subdomains will be "
++"considered valid."
+ msgstr ""
+-"Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous "
+-"reconnecter afin d'acquérir un ticket"
+
+-#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
+-msgid "Password change failed. "
+-msgstr "Échec du changement de mot de passe."
++#: src/config/SSSDConfig/sssdoptions.py:79
++msgid ""
++"The entry cache can be set to automatically update entries in the background "
++"if they are requested beyond a percentage of the entry_cache_timeout value "
++"for the domain."
++msgstr ""
+
+-#: src/sss_client/pam_sss.c:2008
+-msgid "New Password: "
+-msgstr "Nouveau mot de passe : "
++#: src/config/SSSDConfig/sssdoptions.py:84
++msgid "How long to allow cached logins between online logins (days)"
++msgstr ""
++"Délai pendant lequel les connexions utilisant le cache sont autorisées entre "
++"deux connexions en ligne (en jours)"
+
+-#: src/sss_client/pam_sss.c:2009
+-msgid "Reenter new Password: "
+-msgstr "Retaper le nouveau mot de passe : "
++#: src/config/SSSDConfig/sssdoptions.py:85
++msgid "How many failed logins attempts are allowed when offline"
++msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
+
+-#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
+-msgid "First Factor: "
+-msgstr "Premier facteur :"
++#: src/config/SSSDConfig/sssdoptions.py:87
++msgid ""
++"How long (minutes) to deny login after offline_failed_login_attempts has "
++"been reached"
++msgstr ""
++"Durée d'interdiction de connexion après que offline_failed_login_attempts "
++"est atteint (en minutes)"
+
+-#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
+-msgid "Second Factor (optional): "
+-msgstr "Deuxième facteur (facultatif) : "
++#: src/config/SSSDConfig/sssdoptions.py:88
++msgid "What kind of messages are displayed to the user during authentication"
++msgstr ""
++"Quels types de messages sont affichés à l'utilisateur pendant "
++"l'authentification"
+
+-#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
+-msgid "Second Factor: "
+-msgstr "Second facteur :"
++#: src/config/SSSDConfig/sssdoptions.py:89
++msgid "Filter PAM responses sent to the pam_sss"
++msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss"
+
+-#: src/sss_client/pam_sss.c:2190
+-msgid "Password: "
+-msgstr "Mot de passe : "
++#: src/config/SSSDConfig/sssdoptions.py:90
++msgid "How many seconds to keep identity information cached for PAM requests"
++msgstr ""
++"Durée en secondes pendant laquelle les informations d'identité sont gardées "
++"en cache pour les requêtes PAM"
+
+-#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
+-msgid "First Factor (Current Password): "
+-msgstr "Premier facteur (mot de passe actuel) : "
++#: src/config/SSSDConfig/sssdoptions.py:91
++msgid "How many days before password expiration a warning should be displayed"
++msgstr ""
++"Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
++"avertissement doit être affiché"
+
+-#: src/sss_client/pam_sss.c:2349
+-msgid "Current Password: "
+-msgstr "Mot de passe actuel : "
++#: src/config/SSSDConfig/sssdoptions.py:92
++msgid "List of trusted uids or user's name"
++msgstr "Liste des uid ou noms d'utilisateurs dignes de confiance"
+
+-#: src/sss_client/pam_sss.c:2704
+-msgid "Password expired. Change your password now."
+-msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
++#: src/config/SSSDConfig/sssdoptions.py:93
++msgid "List of domains accessible even for untrusted users."
++msgstr ""
++"Liste des domaines accessibles y compris par les utilisateurs non dignes de "
++"confiance"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
+-#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
+-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
+-#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
+-#: src/tools/sss_cache.c:719
+-msgid "The debug level to run with"
+-msgstr "Le niveau de débogage utilisé avec"
++#: src/config/SSSDConfig/sssdoptions.py:94
++msgid "Message printed when user account is expired."
++msgstr "Message affiché lorsque le compte a expiré"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
+-msgid "The SSSD domain to use"
+-msgstr "Le domaine SSSD à utiliser"
++#: src/config/SSSDConfig/sssdoptions.py:95
++msgid "Message printed when user account is locked."
++msgstr "Message affiché lorsque le compte a expiré"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+-#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+-#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
+-#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
+-#: src/tools/sss_cache.c:765
+-msgid "Error setting the locale\n"
+-msgstr "Erreur lors du paramétrage de la locale\n"
++#: src/config/SSSDConfig/sssdoptions.py:96
++msgid "Allow certificate based/Smartcard authentication."
++msgstr "Autoriser l'authentification par certificat/carte à puce."
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
+-msgid "Not enough memory\n"
+-msgstr "Mémoire insuffisante\n"
++#: src/config/SSSDConfig/sssdoptions.py:97
++msgid "Path to certificate database with PKCS#11 modules."
++msgstr ""
++"Chemin d'accès à la base de données des certificats des modules PKCS#11."
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
+-msgid "User not specified\n"
+-msgstr "Utilisateur non spécifié\n"
++#: src/config/SSSDConfig/sssdoptions.py:98
++msgid "How many seconds will pam_sss wait for p11_child to finish"
++msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
+-msgid "Error looking up public keys\n"
+-msgstr "Erreur lors de la recherche des clés publiques\n"
++#: src/config/SSSDConfig/sssdoptions.py:99
++msgid "Which PAM services are permitted to contact application domains"
++msgstr ""
++"Quels services PAM sont autorisés à contacter les domaines d'application"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
+-msgid "The port to use to connect to the host"
+-msgstr "Le port à utiliser pour se connecter à l'hôte"
++#: src/config/SSSDConfig/sssdoptions.py:100
++msgid "Allowed services for using smartcards"
++msgstr "Services autorisés pour l'utilisation de cartes à puce"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
+-msgid "Print the host ssh public keys"
+-msgstr "Imprimer les clés publiques ssh de l'hôte"
++#: src/config/SSSDConfig/sssdoptions.py:101
++msgid "Additional timeout to wait for a card if requested"
++msgstr ""
++"Délai d'attente supplémentaire pour l'obtention d'une carte si demandé"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
+-msgid "Invalid port\n"
+-msgstr "Port invalide\n"
++#: src/config/SSSDConfig/sssdoptions.py:102
++msgid ""
++"PKCS#11 URI to restrict the selection of devices for Smartcard "
++"authentication"
++msgstr ""
++"URI PKCS#11 pour limiter la sélection des périphériques pour "
++"l'authentification par carte à puce"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
+-msgid "Host not specified\n"
+-msgstr "Hôte non spécifié\n"
++#: src/config/SSSDConfig/sssdoptions.py:103
++msgid "When shall the PAM responder force an initgroups request"
++msgstr ""
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
+-msgid "The path to the proxy command must be absolute\n"
+-msgstr "Le chemin vers la commande de proxy doit être absolue\n"
++#: src/config/SSSDConfig/sssdoptions.py:106
++msgid "Whether to evaluate the time-based attributes in sudo rules"
++msgstr ""
++"Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
+-#, c-format
+-msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
+-msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:107
++msgid "If true, SSSD will switch back to lower-wins ordering logic"
++msgstr "Si sur true, SSSD repasse en logique de commande à faible gain"
+
+-#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
+-msgid "The UID of the user"
+-msgstr "L'UID de l'utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:108
++msgid ""
++"Maximum number of rules that can be refreshed at once. If this is exceeded, "
++"full refresh is performed."
++msgstr ""
++"Nombre maximum de règles pouvant être rafraîchies en même temps. En cas de "
++"dépassement, un rafraîchissement complet est effectué."
+
+-#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
+-msgid "The comment string"
+-msgstr "Phrase de commentaire"
++#: src/config/SSSDConfig/sssdoptions.py:115
++msgid "Whether to hash host names and addresses in the known_hosts file"
++msgstr ""
++"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
+
+-#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
+-msgid "Home directory"
+-msgstr "Répertoire utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:116
++msgid ""
++"How many seconds to keep a host in the known_hosts file after its host keys "
++"were requested"
++msgstr ""
++"Le nombre de secondes pour garder un hôte dans le fichier known_hosts après "
++"que ses clés d'hôte ont été demandées"
+
+-#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
+-msgid "Login shell"
+-msgstr "Interpréteur de commandes de connexion"
++#: src/config/SSSDConfig/sssdoptions.py:118
++msgid "Path to storage of trusted CA certificates"
++msgstr "Chemin d'accès au stockage des certificats d'AC de confiance"
+
+-#: src/tools/sss_useradd.c:53
+-msgid "Groups"
+-msgstr "Groupes"
++#: src/config/SSSDConfig/sssdoptions.py:119
++msgid "Allow to generate ssh-keys from certificates"
++msgstr "Permet de générer des ssh-keys à partir de certificats"
+
+-#: src/tools/sss_useradd.c:54
+-msgid "Create user's directory if it does not exist"
+-msgstr "Créer le repertoire utilisateur s'il n'existe pas"
++#: src/config/SSSDConfig/sssdoptions.py:120
++msgid ""
++"Use the following matching rules to filter the certificates for ssh-key "
++"generation"
++msgstr ""
++"Utilisez les règles de correspondance suivantes pour filtrer les certificats "
++"pour la génération de clés ssh"
+
+-#: src/tools/sss_useradd.c:55
+-msgid "Never create user's directory, overrides config"
+-msgstr "Ne jamais créer de répertoire utilisateur, outrepasse la configuration"
++#: src/config/SSSDConfig/sssdoptions.py:124
++msgid "List of UIDs or user names allowed to access the PAC responder"
++msgstr ""
++"Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
+
+-#: src/tools/sss_useradd.c:56
+-msgid "Specify an alternative skeleton directory"
+-msgstr "Spécifie un répertoire squelette alternatif"
++#: src/config/SSSDConfig/sssdoptions.py:125
++msgid "How long the PAC data is considered valid"
++msgstr "Durée de validité des données du PAC"
+
+-#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
+-msgid "The SELinux user for user's login"
+-msgstr "L'utilisateur SELinux pour l'identifiant de l'utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:128
++msgid "List of user attributes the InfoPipe is allowed to publish"
++msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
+
+-#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+-#: src/tools/sss_usermod.c:92
+-msgid "Specify group to add to\n"
+-msgstr "Définir le groupe à ajouter à\n"
++#: src/config/SSSDConfig/sssdoptions.py:131
++msgid "The provider where the secrets will be stored in"
++msgstr "Le fournisseur où les secrets seront stockés"
+
+-#: src/tools/sss_useradd.c:111
+-msgid "Specify user to add\n"
+-msgstr "Définir l'utilisateur à ajouter à\n"
++#: src/config/SSSDConfig/sssdoptions.py:132
++msgid "The maximum allowed number of nested containers"
++msgstr "Le nombre maximal de conteneurs imbriqués autorisés"
+
+-#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
+-#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
+-#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
+-#: src/tools/sss_usermod.c:162
+-msgid "Error initializing the tools - no local domain\n"
+-msgstr "Erreur à l'initialisation des outils - aucun domaine local\n"
++#: src/config/SSSDConfig/sssdoptions.py:133
++msgid "The maximum number of secrets that can be stored"
++msgstr "Le nombre maximum de secrets qui peuvent être stockés"
+
+-#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+-#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+-#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
+-#: src/tools/sss_usermod.c:164
+-msgid "Error initializing the tools\n"
+-msgstr "Erreur à l'initialisation des outils\n"
++#: src/config/SSSDConfig/sssdoptions.py:134
++msgid "The maximum number of secrets that can be stored per UID"
++msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID"
+
+-#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+-#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+-#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
+-#: src/tools/sss_usermod.c:173
+-msgid "Invalid domain specified in FQDN\n"
+-msgstr "Domaine invalide définit dans le FQDN\n"
++#: src/config/SSSDConfig/sssdoptions.py:135
++msgid "The maximum payload size of a secret in kilobytes"
++msgstr "La taille maximale de la charge utile d'un secret en kilo-octets"
+
+-#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+-#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
+-#: src/tools/sss_usermod.c:226
+-msgid "Internal error while parsing parameters\n"
+-msgstr "Erreur interne lors de l'analyse des paramètres\n"
++#: src/config/SSSDConfig/sssdoptions.py:137
++msgid "The URL Custodia server is listening on"
++msgstr "L'URL du serveur Custodia est en écoute sur"
+
+-#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
+-#: src/tools/sss_usermod.c:235
+-msgid "Groups must be in the same domain as user\n"
+-msgstr "Les groupes doivent être dans le même domaine que l'utilisateur\n"
++#: src/config/SSSDConfig/sssdoptions.py:138
++msgid "The method to use when authenticating to a Custodia server"
++msgstr ""
++"La méthode à utiliser lors de l'authentification via un serveur Custodia"
+
+-#: src/tools/sss_useradd.c:159
+-#, c-format
+-msgid "Cannot find group %1$s in local domain\n"
+-msgstr "Impossible de trouver le groupe %1$s dans le domaine local\n"
++#: src/config/SSSDConfig/sssdoptions.py:139
++msgid ""
++"The name of the headers that will be added into a HTTP request with the "
++"value defined in auth_header_value"
++msgstr ""
++"Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la valeur "
++"définie dans auth_header_value"
+
+-#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
+-msgid "Cannot set default values\n"
+-msgstr "Impossible de définir les valeurs par défaut\n"
++#: src/config/SSSDConfig/sssdoptions.py:141
++msgid "The value sssd-secrets would use for auth_header_name"
++msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name"
+
+-#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
+-msgid "The selected UID is outside the allowed range\n"
+-msgstr "L'UID sélectionné est en dehors de la plage autorisée\n"
++#: src/config/SSSDConfig/sssdoptions.py:142
++msgid ""
++"The list of the headers to forward to the Custodia server together with the "
++"request"
++msgstr ""
++"La liste des en-têtes à transmettre au serveur Custodia avec la requête"
+
+-#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
+-msgid "Cannot set SELinux login context\n"
+-msgstr "Impossible de définir le contexte de connexion SELinux\n"
++#: src/config/SSSDConfig/sssdoptions.py:143
++msgid ""
++"The username to use when authenticating to a Custodia server using "
++"basic_auth"
++msgstr ""
++"La méthode à utiliser lors de l'authentification via un serveur Custodia "
++"utilisant basic_auth"
+
+-#: src/tools/sss_useradd.c:224
+-msgid "Cannot get info about the user\n"
+-msgstr "Impossible de trouver les informations sur l'utilisateur\n"
++#: src/config/SSSDConfig/sssdoptions.py:144
++msgid ""
++"The password to use when authenticating to a Custodia server using "
++"basic_auth"
++msgstr ""
++"La méthode à utiliser lors de l'authentification via un serveur Custodia "
++"utilisant basic_auth"
+
+-#: src/tools/sss_useradd.c:236
+-msgid "User's home directory already exists, not copying data from skeldir\n"
++#: src/config/SSSDConfig/sssdoptions.py:145
++msgid ""
++"If true peer's certificate is verified if proxy_url uses https protocol"
+ msgstr ""
+-"Le répertoire de l'utilisateur existe déjà, les données du répertoire "
+-"squelette ne sont pas copiées\n"
++"Le certificat pair true est vérifié si proxy_url utilise le protocole https"
+
+-#: src/tools/sss_useradd.c:239
+-#, c-format
+-msgid "Cannot create user's home directory: %1$s\n"
+-msgstr "Impossible de créer le répertoire de l'utilisateur : %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:146
++msgid ""
++"If false peer's certificate may contain different hostname than proxy_url "
++"when https protocol is used"
++msgstr ""
++"Le certificat pair false peut contenir un nom d'hôte différent de proxy_url "
++"lorsque le protocole https est utilisé"
+
+-#: src/tools/sss_useradd.c:250
+-#, c-format
+-msgid "Cannot create user's mail spool: %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:148
++msgid "Path to directory where certificate authority certificates are stored"
++msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA"
++
++#: src/config/SSSDConfig/sssdoptions.py:149
++msgid "Path to file containing server's CA certificate"
++msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur"
++
++#: src/config/SSSDConfig/sssdoptions.py:150
++msgid "Path to file containing client's certificate"
++msgstr "Chemin d'accès au fichier contenant le certificat du client"
++
++#: src/config/SSSDConfig/sssdoptions.py:151
++msgid "Path to file containing client's private key"
++msgstr "Chemin d'accès au fichier contenant la clé privée du client"
++
++#: src/config/SSSDConfig/sssdoptions.py:154
++msgid ""
++"One of the following strings specifying the scope of session recording: none "
++"- No users are recorded. some - Users/groups specified by users and groups "
++"options are recorded. all - All users are recorded."
+ msgstr ""
+-"Impossible de créer le répertoire de réception des messages électroniques "
+-"pour l'utilisateur : %1$s\n"
+
+-#: src/tools/sss_useradd.c:270
+-msgid "Could not allocate ID for the user - domain full?\n"
++#: src/config/SSSDConfig/sssdoptions.py:157
++msgid ""
++"A comma-separated list of users which should have session recording enabled. "
++"Matches user names as returned by NSS. I.e. after the possible space "
++"replacement, case changes, etc."
+ msgstr ""
+-"L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ?\n"
+
+-#: src/tools/sss_useradd.c:274
+-msgid "A user or group with the same name or ID already exists\n"
+-msgstr "Un utilisateur ou groupe avec le même nom ou identifiant existe déjà\n"
++#: src/config/SSSDConfig/sssdoptions.py:159
++msgid ""
++"A comma-separated list of groups, members of which should have session "
++"recording enabled. Matches group names as returned by NSS. I.e. after the "
++"possible space replacement, case changes, etc."
++msgstr ""
+
+-#: src/tools/sss_useradd.c:280
+-msgid "Transaction error. Could not add user.\n"
+-msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n"
++#: src/config/SSSDConfig/sssdoptions.py:164
++msgid "Identity provider"
++msgstr "Fournisseur d'identité"
+
+-#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
+-msgid "The GID of the group"
+-msgstr "Le GID du groupe"
++#: src/config/SSSDConfig/sssdoptions.py:165
++msgid "Authentication provider"
++msgstr "Fournisseur d'authentification"
+
+-#: src/tools/sss_groupadd.c:76
+-msgid "Specify group to add\n"
+-msgstr "Définir le groupe à ajouter\n"
++#: src/config/SSSDConfig/sssdoptions.py:166
++msgid "Access control provider"
++msgstr "Fournisseur de contrôle d'accès"
+
+-#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
+-msgid "The selected GID is outside the allowed range\n"
+-msgstr "Le GID choisit est en dehors de la plage autorisée\n"
++#: src/config/SSSDConfig/sssdoptions.py:167
++msgid "Password change provider"
++msgstr "Fournisseur de changement de mot de passe"
+
+-#: src/tools/sss_groupadd.c:143
+-msgid "Could not allocate ID for the group - domain full?\n"
+-msgstr "Impossible d'allouer l'identifiant du groupe - domaine plein ?\n"
++#: src/config/SSSDConfig/sssdoptions.py:168
++msgid "SUDO provider"
++msgstr "Fournisseur SUDO"
+
+-#: src/tools/sss_groupadd.c:147
+-msgid "A group with the same name or GID already exists\n"
+-msgstr "Un groupe avec le même nom ou GID existe déjà\n"
++#: src/config/SSSDConfig/sssdoptions.py:169
++msgid "Autofs provider"
++msgstr "Fournisseur autofs"
+
+-#: src/tools/sss_groupadd.c:153
+-msgid "Transaction error. Could not add group.\n"
+-msgstr "Erreur de transaction. Impossible d'ajouter le groupe.\n"
++#: src/config/SSSDConfig/sssdoptions.py:170
++msgid "Host identity provider"
++msgstr "Fournisseur d'identité de l'hôte"
+
+-#: src/tools/sss_groupdel.c:70
+-msgid "Specify group to delete\n"
+-msgstr "Spécifier le groupe à supprimer\n"
++#: src/config/SSSDConfig/sssdoptions.py:171
++msgid "SELinux provider"
++msgstr "Fournisseur SELinux"
+
+-#: src/tools/sss_groupdel.c:104
+-#, c-format
+-msgid "Group %1$s is outside the defined ID range for domain\n"
+-msgstr ""
+-"Le groupe %1$s est en dehors de la plage d'identifiants définie pour le "
+-"domaine\n"
++#: src/config/SSSDConfig/sssdoptions.py:172
++msgid "Session management provider"
++msgstr "Fournisseur de gestion de session"
+
+-#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+-#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+-#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
+-#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
+-#, c-format
+-msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
++#: src/config/SSSDConfig/sssdoptions.py:173
++msgid "Resolver provider"
+ msgstr ""
+-"Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en "
+-"mémoire.\n"
+
+-#: src/tools/sss_groupdel.c:132
+-msgid ""
+-"No such group in local domain. Removing groups only allowed in local "
+-"domain.\n"
+-msgstr ""
+-"Aucun groupe dans le domaine local. La suppression de groupes n'est "
+-"autorisée que dans le domaine local.\n"
++#: src/config/SSSDConfig/sssdoptions.py:176
++msgid "Whether the domain is usable by the OS or by applications"
++msgstr "Si le domaine est utilisable par l'OS ou par des applications"
+
+-#: src/tools/sss_groupdel.c:137
+-msgid "Internal error. Could not remove group.\n"
+-msgstr "Erreur interne. Impossible de supprimer le groupe.\n"
++#: src/config/SSSDConfig/sssdoptions.py:177
++msgid "Minimum user ID"
++msgstr "Identifiant utilisateur minimum"
+
+-#: src/tools/sss_groupmod.c:44
+-msgid "Groups to add this group to"
+-msgstr "Groupes auxquels ce groupe sera ajouté"
++#: src/config/SSSDConfig/sssdoptions.py:178
++msgid "Maximum user ID"
++msgstr "Identifiant utilisateur maximum"
+
+-#: src/tools/sss_groupmod.c:46
+-msgid "Groups to remove this group from"
+-msgstr "Groupes desquels ce groupe sera retiré"
++#: src/config/SSSDConfig/sssdoptions.py:179
++msgid "Enable enumerating all users/groups"
++msgstr "Activer l'énumération de tous les utilisateurs/groupes"
+
+-#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
+-msgid "Specify group to remove from\n"
+-msgstr "Définir le groupe duquel supprimer\n"
++#: src/config/SSSDConfig/sssdoptions.py:180
++msgid "Cache credentials for offline login"
++msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
+
+-#: src/tools/sss_groupmod.c:101
+-msgid "Specify group to modify\n"
+-msgstr "Définir le groupe à modifier\n"
++#: src/config/SSSDConfig/sssdoptions.py:181
++msgid "Display users/groups in fully-qualified form"
++msgstr ""
++"Afficher les utilisateurs/groupes dans un format complétement qualifié"
+
+-#: src/tools/sss_groupmod.c:130
++#: src/config/SSSDConfig/sssdoptions.py:182
++msgid "Don't include group members in group lookups"
++msgstr ""
++"Ne pas inclure les membres des groupes dans les recherches de groupes."
++
++#: src/config/SSSDConfig/sssdoptions.py:183
++#: src/config/SSSDConfig/sssdoptions.py:193
++#: src/config/SSSDConfig/sssdoptions.py:194
++#: src/config/SSSDConfig/sssdoptions.py:195
++#: src/config/SSSDConfig/sssdoptions.py:196
++#: src/config/SSSDConfig/sssdoptions.py:197
++#: src/config/SSSDConfig/sssdoptions.py:198
++#: src/config/SSSDConfig/sssdoptions.py:199
++msgid "Entry cache timeout length (seconds)"
++msgstr "Durée de validité des entrées en cache (en secondes)"
++
++#: src/config/SSSDConfig/sssdoptions.py:184
+ msgid ""
+-"Cannot find group in local domain, modifying groups is allowed only in local "
+-"domain\n"
++"Restrict or prefer a specific address family when performing DNS lookups"
+ msgstr ""
+-"Impossible de trouver le groupe dans le domaine local, la modification des "
+-"groupes n'est autorisée que dans le domaine local\n"
++"Restreindre ou préférer une famille d'adresses lors des recherches DNS"
+
+-#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
+-msgid "Member groups must be in the same domain as parent group\n"
++#: src/config/SSSDConfig/sssdoptions.py:185
++msgid "How long to keep cached entries after last successful login (days)"
+ msgstr ""
+-"Les membres du groupe doivent être dans le même domaine que le groupe "
+-"parent\n"
++"Durée de validité des entrées en cache après la dernière connexion réussie "
++"(en jours)"
+
+-#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+-#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:186
+ msgid ""
+-"Cannot find group %1$s in local domain, only groups in local domain are "
+-"allowed\n"
++"How long should SSSD talk to single DNS server before trying next server "
++"(miliseconds)"
+ msgstr ""
+-"Impossible de trouver le groupe %1$s dans le domaine local, seuls les "
+-"groupes du domaine local sont autorisés\n"
++"Combien de temps le SSSD doit-il parler à un seul serveur DNS avant "
++"d'essayer le serveur suivant (en millisecondes)"
+
+-#: src/tools/sss_groupmod.c:257
+-msgid "Could not modify group - check if member group names are correct\n"
++#: src/config/SSSDConfig/sssdoptions.py:188
++msgid "How long should keep trying to resolve single DNS query (seconds)"
+ msgstr ""
+-"Impossible de modifier le groupe - vérifier que les noms des groupes membres "
+-"sont corrects\n"
++"Combien de temps faut-il continuer à essayer de résoudre une seule requête "
++"DNS (en secondes)"
+
+-#: src/tools/sss_groupmod.c:261
+-msgid "Could not modify group - check if groupname is correct\n"
++#: src/config/SSSDConfig/sssdoptions.py:189
++msgid "How long to wait for replies from DNS when resolving servers (seconds)"
+ msgstr ""
+-"Impossible de modifier le groupe - vérifier que le nom du groupe est "
+-"correct\n"
++"Délai d'attente des réponses du DNS lors de la résolution des serveurs (en "
++"secondes)"
+
+-#: src/tools/sss_groupmod.c:265
+-msgid "Transaction error. Could not modify group.\n"
+-msgstr "Erreur de transaction. Impossible de modifier le groupe.\n"
++#: src/config/SSSDConfig/sssdoptions.py:190
++msgid "The domain part of service discovery DNS query"
++msgstr "La partie domaine de la requête de découverte de service DNS"
+
+-#: src/tools/sss_groupshow.c:616
+-msgid "Magic Private "
+-msgstr "Magie privée"
++#: src/config/SSSDConfig/sssdoptions.py:191
++msgid "Override GID value from the identity provider with this value"
++msgstr "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
+
+-#: src/tools/sss_groupshow.c:615
+-#, c-format
+-msgid "%1$s%2$sGroup: %3$s\n"
+-msgstr "%1$s%2$sGroup: %3$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:192
++msgid "Treat usernames as case sensitive"
++msgstr "Considère les noms d'utilisateur comme casse dépendant"
+
+-#: src/tools/sss_groupshow.c:618
+-#, c-format
+-msgid "%1$sGID number: %2$d\n"
+-msgstr "%1$s GID numéro : %2$d\n"
++#: src/config/SSSDConfig/sssdoptions.py:200
++msgid "How often should expired entries be refreshed in background"
++msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
+
+-#: src/tools/sss_groupshow.c:620
+-#, c-format
+-msgid "%1$sMember users: "
+-msgstr "Utilisateurs membres de %1$s :"
++#: src/config/SSSDConfig/sssdoptions.py:201
++msgid "Whether to automatically update the client's DNS entry"
++msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
+
+-#: src/tools/sss_groupshow.c:627
+-#, c-format
+-msgid ""
+-"\n"
+-"%1$sIs a member of: "
+-msgstr ""
+-"\n"
+-"%1$s est membre de : "
++#: src/config/SSSDConfig/sssdoptions.py:202
++#: src/config/SSSDConfig/sssdoptions.py:232
++msgid "The TTL to apply to the client's DNS entry after updating it"
++msgstr "Le TTL à appliquer à l'entrée DNS du client après modification"
+
+-#: src/tools/sss_groupshow.c:634
+-#, c-format
+-msgid ""
+-"\n"
+-"%1$sMember groups: "
++#: src/config/SSSDConfig/sssdoptions.py:203
++#: src/config/SSSDConfig/sssdoptions.py:233
++msgid "The interface whose IP should be used for dynamic DNS updates"
+ msgstr ""
+-"\n"
+-"Groupes membres de %1$s : "
++"L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
++"dynamiques du DNS"
+
+-#: src/tools/sss_groupshow.c:670
+-msgid "Print indirect group members recursively"
+-msgstr "Afficher les membres du groupe indirects récursivement"
++#: src/config/SSSDConfig/sssdoptions.py:204
++msgid "How often to periodically update the client's DNS entry"
++msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client"
+
+-#: src/tools/sss_groupshow.c:704
+-msgid "Specify group to show\n"
+-msgstr "Définir le groupe à afficher\n"
++#: src/config/SSSDConfig/sssdoptions.py:205
++msgid "Whether the provider should explicitly update the PTR record as well"
++msgstr ""
++"Selon que le fournisseur doit aussi ou non mettre à jour explicitement "
++"l'enregistrement PTR"
+
+-#: src/tools/sss_groupshow.c:744
+-msgid ""
+-"No such group in local domain. Printing groups only allowed in local "
+-"domain.\n"
++#: src/config/SSSDConfig/sssdoptions.py:206
++msgid "Whether the nsupdate utility should default to using TCP"
++msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut"
++
++#: src/config/SSSDConfig/sssdoptions.py:207
++msgid "What kind of authentication should be used to perform the DNS update"
+ msgstr ""
+-"Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé "
+-"que dans le domaine local.\n"
++"Quel type d'authentification doit être utilisée pour effectuer la mise à "
++"jour DNS"
+
+-#: src/tools/sss_groupshow.c:749
+-msgid "Internal error. Could not print group.\n"
+-msgstr "Erreur interne. Impossible d'afficher le groupe.\n"
++#: src/config/SSSDConfig/sssdoptions.py:208
++msgid "Override the DNS server used to perform the DNS update"
++msgstr "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS"
+
+-#: src/tools/sss_userdel.c:138
+-msgid "Remove home directory and mail spool"
+-msgstr "Suppression du répertoire personnel et de gestion des mails"
++#: src/config/SSSDConfig/sssdoptions.py:209
++msgid "Control enumeration of trusted domains"
++msgstr "Contrôle l'énumération des domaines approuvés"
+
+-#: src/tools/sss_userdel.c:140
+-msgid "Do not remove home directory and mail spool"
+-msgstr "Ne pas supprimer le répertoire personnel et de gestion des mails"
++#: src/config/SSSDConfig/sssdoptions.py:210
++msgid "How often should subdomains list be refreshed"
++msgstr "Fréquence de rafraîchissement des sous-domaines"
+
+-#: src/tools/sss_userdel.c:142
+-msgid "Force removal of files not owned by the user"
+-msgstr "Forcer la suppression des fichiers n'appartenant pas à l'utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:211
++msgid "List of options that should be inherited into a subdomain"
++msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
+
+-#: src/tools/sss_userdel.c:144
+-msgid "Kill users' processes before removing him"
+-msgstr "Tuer les processus de l'utilisateur avant de le supprimer"
++#: src/config/SSSDConfig/sssdoptions.py:212
++msgid "Default subdomain homedir value"
++msgstr "Valeur par défaut du sous-domaine homedir"
+
+-#: src/tools/sss_userdel.c:190
+-msgid "Specify user to delete\n"
+-msgstr "Définir l'utilisateur à supprimer\n"
++#: src/config/SSSDConfig/sssdoptions.py:213
++msgid "How long can cached credentials be used for cached authentication"
++msgstr ""
++"Combien de temps les informations d'identification en cache peuvent-elles "
++"être utilisées pour l'authentification en cache"
+
+-#: src/tools/sss_userdel.c:236
+-#, c-format
+-msgid "User %1$s is outside the defined ID range for domain\n"
++#: src/config/SSSDConfig/sssdoptions.py:214
++msgid "Whether to automatically create private groups for users"
+ msgstr ""
+-"L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le "
+-"domaine\n"
++"S'il faut créer automatiquement des groupes privés pour les utilisateurs"
+
+-#: src/tools/sss_userdel.c:261
+-msgid "Cannot reset SELinux login context\n"
+-msgstr "Impossible de réinitialiser le contexte de connexion SELinux\n"
+-
+-#: src/tools/sss_userdel.c:273
+-#, c-format
+-msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
++#: src/config/SSSDConfig/sssdoptions.py:215
++msgid "Display a warning N days before the password expires."
+ msgstr ""
+-"ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa "
+-"suppression.\n"
+
+-#: src/tools/sss_userdel.c:278
+-msgid "Cannot determine if the user was logged in on this platform"
++#: src/config/SSSDConfig/sssdoptions.py:216
++msgid ""
++"Various tags stored by the realmd configuration service for this domain."
+ msgstr ""
+-"Impossible de savoir si l'utilisateur était connecté sur cette plateforme"
+-
+-#: src/tools/sss_userdel.c:283
+-msgid "Error while checking if the user was logged in\n"
+-msgstr "Erreur en vérifiant si l'utilisateur était connecté\n"
+-
+-#: src/tools/sss_userdel.c:290
+-#, c-format
+-msgid "The post-delete command failed: %1$s\n"
+-msgstr "La commande post-suppression a échoué : %1$s\n"
+
+-#: src/tools/sss_userdel.c:310
+-msgid "Not removing home dir - not owned by user\n"
++#: src/config/SSSDConfig/sssdoptions.py:217
++msgid ""
++"The provider which should handle fetching of subdomains. This value should "
++"be always the same as id_provider."
+ msgstr ""
+-"Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le "
+-"propriétaire\n"
+
+-#: src/tools/sss_userdel.c:312
+-#, c-format
+-msgid "Cannot remove homedir: %1$s\n"
+-msgstr "Impossible de supprimer le répertoire utilisateur : %1$s\n"
+-
+-#: src/tools/sss_userdel.c:326
++#: src/config/SSSDConfig/sssdoptions.py:219
+ msgid ""
+-"No such user in local domain. Removing users only allowed in local domain.\n"
++"How many seconds to keep a host ssh key after refresh. IE how long to cache "
++"the host key for."
+ msgstr ""
+-"Aucun utilisateur dans le domaine local. La suppression des utilisateurs "
+-"n'est autorisée que dans le domaine local.\n"
+-
+-#: src/tools/sss_userdel.c:331
+-msgid "Internal error. Could not remove user.\n"
+-msgstr "Erreur interne. Impossible de supprimer l'utilisateur.\n"
+-
+-#: src/tools/sss_usermod.c:49
+-msgid "The GID of the user"
+-msgstr "Le GID de l'utilisateur"
+
+-#: src/tools/sss_usermod.c:53
+-msgid "Groups to add this user to"
+-msgstr "Groupes auxquels ajouter cet utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:221
++msgid ""
++"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
++"this value determines the minimal length the first authentication factor "
++"(long term password) must have to be saved as SHA512 hash into the cache."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:54
+-msgid "Groups to remove this user from"
+-msgstr "Groupes auxquels enlever cet utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:227
++msgid "IPA domain"
++msgstr "Domaine IPA"
+
+-#: src/tools/sss_usermod.c:55
+-msgid "Lock the account"
+-msgstr "Verrouiller le compte"
++#: src/config/SSSDConfig/sssdoptions.py:228
++msgid "IPA server address"
++msgstr "Adresse du serveur IPA"
+
+-#: src/tools/sss_usermod.c:56
+-msgid "Unlock the account"
+-msgstr "Déverrouiller le compte"
++#: src/config/SSSDConfig/sssdoptions.py:229
++msgid "Address of backup IPA server"
++msgstr "Adresse du serveur IPA de secours"
+
+-#: src/tools/sss_usermod.c:57
+-msgid "Add an attribute/value pair. The format is attrname=value."
+-msgstr "Ajouter une paire attribut/valeur. Le format est nom_attribut=valeur."
++#: src/config/SSSDConfig/sssdoptions.py:230
++msgid "IPA client hostname"
++msgstr "Nom de système du client IPA"
+
+-#: src/tools/sss_usermod.c:58
+-msgid "Delete an attribute/value pair. The format is attrname=value."
++#: src/config/SSSDConfig/sssdoptions.py:231
++msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+ msgstr ""
+-"Supprimer une paire attribut/valeur. Le format est nom_attribut=valeur."
++"Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA"
+
+-#: src/tools/sss_usermod.c:59
++#: src/config/SSSDConfig/sssdoptions.py:234
++msgid "Search base for HBAC related objects"
++msgstr "Base de recherche pour les objets HBAC"
++
++#: src/config/SSSDConfig/sssdoptions.py:235
+ msgid ""
+-"Set an attribute to a name/value pair. The format is attrname=value. For "
+-"multi-valued attributes, the command replaces the values already present"
+-msgstr ""
+-"Définir une paire attribut/valeur. Le format est nom_attribut=valeur. Pour "
+-"les attributs multi-valués, la commande remplace les valeurs déjà présentes."
++"The amount of time between lookups of the HBAC rules against the IPA server"
++msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
+
+-#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+-#: src/tools/sss_usermod.c:135
+-msgid "Specify the attribute name/value pair(s)\n"
+-msgstr "Indiquer les paires nom d'attributs et valeurs.\n"
++#: src/config/SSSDConfig/sssdoptions.py:236
++msgid ""
++"The amount of time in seconds between lookups of the SELinux maps against "
++"the IPA server"
++msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
+
+-#: src/tools/sss_usermod.c:152
+-msgid "Specify user to modify\n"
+-msgstr "Spécifier l'utilisateur à modifier\n"
++#: src/config/SSSDConfig/sssdoptions.py:238
++msgid "If set to false, host argument given by PAM will be ignored"
++msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
+
+-#: src/tools/sss_usermod.c:180
+-msgid ""
+-"Cannot find user in local domain, modifying users is allowed only in local "
+-"domain\n"
++#: src/config/SSSDConfig/sssdoptions.py:239
++msgid "The automounter location this IPA client is using"
+ msgstr ""
+-"Impossible de trouver l'utilisateur dans le domaine local, la modification "
+-"des utilisateurs n'est autorisée que dans le domaine local\n"
++"L'emplacement de la carte de montage automatique utilisée par le client IPA"
+
+-#: src/tools/sss_usermod.c:322
+-msgid "Could not modify user - check if group names are correct\n"
++#: src/config/SSSDConfig/sssdoptions.py:240
++msgid "Search base for object containing info about IPA domain"
+ msgstr ""
+-"Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont "
+-"corrects\n"
++"Base de recherche pour l'objet contenant les informations de base à propos "
++"du domaine IPA"
+
+-#: src/tools/sss_usermod.c:326
+-msgid "Could not modify user - user already member of groups?\n"
++#: src/config/SSSDConfig/sssdoptions.py:241
++msgid "Search base for objects containing info about ID ranges"
+ msgstr ""
+-"Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du "
+-"groupe ?\n"
++"Base de recherche pour les objets contenant les informations à propos des "
++"plages d'ID"
+
+-#: src/tools/sss_usermod.c:330
+-msgid "Transaction error. Could not modify user.\n"
+-msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
++#: src/config/SSSDConfig/sssdoptions.py:242
++#: src/config/SSSDConfig/sssdoptions.py:296
++msgid "Enable DNS sites - location based service discovery"
++msgstr "Activer les sites DNS - découverte de service basée sur l'emplacement"
+
+-#: src/tools/sss_cache.c:245
+-msgid "No cache object matched the specified search\n"
+-msgstr "Aucun object trouvé dans le cache pour la recherche spécifiée\n"
++#: src/config/SSSDConfig/sssdoptions.py:243
++msgid "Search base for view containers"
++msgstr "Base de recherche des conteneurs de vues"
+
+-#: src/tools/sss_cache.c:536
+-#, c-format
+-msgid "Couldn't invalidate %1$s\n"
+-msgstr "Impossible d'invalider %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:244
++msgid "Objectclass for view containers"
++msgstr "Classe d'objet pour les conteneurs de vues"
+
+-#: src/tools/sss_cache.c:543
+-#, c-format
+-msgid "Couldn't invalidate %1$s %2$s\n"
+-msgstr "Impossible d'invalider %1$s %2$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:245
++msgid "Attribute with the name of the view"
++msgstr "Attribut avec le nom de la vue"
+
+-#: src/tools/sss_cache.c:721
+-msgid "Invalidate all cached entries"
+-msgstr "Invalidez toutes les entrées en cache"
++#: src/config/SSSDConfig/sssdoptions.py:246
++msgid "Objectclass for override objects"
++msgstr "Classe d'objet surchargeant les objets"
+
+-#: src/tools/sss_cache.c:723
+-msgid "Invalidate particular user"
+-msgstr "Invalider un utilisateur spécifique"
++#: src/config/SSSDConfig/sssdoptions.py:247
++msgid "Attribute with the reference to the original object"
++msgstr "Attribut faisant référence à l'objet originel "
+
+-#: src/tools/sss_cache.c:725
+-msgid "Invalidate all users"
+-msgstr "Invalider tous les utilisateurs"
++#: src/config/SSSDConfig/sssdoptions.py:248
++msgid "Objectclass for user override objects"
++msgstr "Classe d'objet surchargeant les utilisateurs"
+
+-#: src/tools/sss_cache.c:727
+-msgid "Invalidate particular group"
+-msgstr "Invalider un groupe particulier"
++#: src/config/SSSDConfig/sssdoptions.py:249
++msgid "Objectclass for group override objects"
++msgstr "Classe d'objet surchargeant les groupes"
+
+-#: src/tools/sss_cache.c:729
+-msgid "Invalidate all groups"
+-msgstr "Invalider tous les groupes"
++#: src/config/SSSDConfig/sssdoptions.py:250
++msgid "Search base for Desktop Profile related objects"
++msgstr "Base de recherche pour les objets liés au Profil du Bureau"
+
+-#: src/tools/sss_cache.c:731
+-msgid "Invalidate particular netgroup"
+-msgstr "Invalider un groupe réseau particulier"
++#: src/config/SSSDConfig/sssdoptions.py:251
++msgid ""
++"The amount of time in seconds between lookups of the Desktop Profile rules "
++"against the IPA server"
++msgstr ""
++"Le temps, en secondes, entre les consultations des règles du profil du "
++"bureau sur le serveur IPA"
+
+-#: src/tools/sss_cache.c:733
+-msgid "Invalidate all netgroups"
+-msgstr "Invalider tous les groupes réseau"
++#: src/config/SSSDConfig/sssdoptions.py:253
++msgid ""
++"The amount of time in minutes between lookups of Desktop Profiles rules "
++"against the IPA server when the last request did not find any rule"
++msgstr ""
++"Le temps en minutes entre les consultations des règles de profile de bureau "
++"sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle"
+
+-#: src/tools/sss_cache.c:735
+-msgid "Invalidate particular service"
+-msgstr "Invalidation d'un service particulier"
++#: src/config/SSSDConfig/sssdoptions.py:256
++msgid "The LDAP attribute that contains FQDN of the host."
++msgstr ""
+
+-#: src/tools/sss_cache.c:737
+-msgid "Invalidate all services"
+-msgstr "Invalidation de tous les services"
++#: src/config/SSSDConfig/sssdoptions.py:257
++#: src/config/SSSDConfig/sssdoptions.py:280
++msgid "The object class of a host entry in LDAP."
++msgstr ""
+
+-#: src/tools/sss_cache.c:740
+-msgid "Invalidate particular autofs map"
+-msgstr "Invalidation d'une carte autofs particulière"
++#: src/config/SSSDConfig/sssdoptions.py:258
++msgid "Use the given string as search base for host objects."
++msgstr ""
+
+-#: src/tools/sss_cache.c:742
+-msgid "Invalidate all autofs maps"
+-msgstr "Invalidation de toutes les cartes autofs"
++#: src/config/SSSDConfig/sssdoptions.py:259
++msgid "The LDAP attribute that contains the host's SSH public keys."
++msgstr ""
+
+-#: src/tools/sss_cache.c:746
+-msgid "Invalidate particular SSH host"
+-msgstr "Invalider un hôte SSH particulier"
++#: src/config/SSSDConfig/sssdoptions.py:260
++msgid "The LDAP attribute that contains NIS domain name of the netgroup."
++msgstr ""
+
+-#: src/tools/sss_cache.c:748
+-msgid "Invalidate all SSH hosts"
+-msgstr "Invalider tous les hôtes SSH"
++#: src/config/SSSDConfig/sssdoptions.py:261
++msgid "The LDAP attribute that contains the names of the netgroup's members."
++msgstr ""
+
+-#: src/tools/sss_cache.c:752
+-msgid "Invalidate particular sudo rule"
+-msgstr "Invalider une règle sudo particulière"
++#: src/config/SSSDConfig/sssdoptions.py:262
++msgid ""
++"The LDAP attribute that lists FQDNs of hosts and host groups that are "
++"members of the netgroup."
++msgstr ""
+
+-#: src/tools/sss_cache.c:754
+-msgid "Invalidate all cached sudo rules"
+-msgstr "Invalider toutes les règles sudo en cache"
++#: src/config/SSSDConfig/sssdoptions.py:264
++msgid ""
++"The LDAP attribute that lists hosts and host groups that are direct members "
++"of the netgroup."
++msgstr ""
+
+-#: src/tools/sss_cache.c:757
+-msgid "Only invalidate entries from a particular domain"
+-msgstr "N'invalider des entrées que d'un domaine spécifique"
++#: src/config/SSSDConfig/sssdoptions.py:266
++msgid "The LDAP attribute that lists netgroup's memberships."
++msgstr ""
+
+-#: src/tools/sss_cache.c:811
++#: src/config/SSSDConfig/sssdoptions.py:267
+ msgid ""
+-"Unexpected argument(s) provided, options that invalidate a single object "
+-"only accept a single provided argument.\n"
++"The LDAP attribute that lists system users and groups that are direct "
++"members of the netgroup."
+ msgstr ""
+-"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet "
+-"n'acceptent qu'un seul argument fourni.\n"
+
+-#: src/tools/sss_cache.c:821
+-msgid "Please select at least one object to invalidate\n"
+-msgstr "Merci de sélectionner au moins un objet à invalider\n"
++#: src/config/SSSDConfig/sssdoptions.py:269
++msgid "The LDAP attribute that corresponds to the netgroup name."
++msgstr ""
+
+-#: src/tools/sss_cache.c:904
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:270
++msgid "The object class of a netgroup entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:271
+ msgid ""
+-"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
+-"use fully qualified name instead of --domain/-d parameter.\n"
++"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+ msgstr ""
+-"Impossible d'ouvrir le domaine %1$s. Si le domaine est un sous-domaine "
+-"(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre "
+-"--domain/-d.\n"
+
+-#: src/tools/sss_cache.c:909
+-msgid "Could not open available domains\n"
+-msgstr "Impossible d'ouvrir aucun des domaines disponibles\n"
++#: src/config/SSSDConfig/sssdoptions.py:272
++msgid ""
++"The LDAP attribute that contains whether or not is user map enabled for "
++"usage."
++msgstr ""
+
+-#: src/tools/tools_util.c:202
+-#, c-format
+-msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
++#: src/config/SSSDConfig/sssdoptions.py:274
++msgid "The LDAP attribute that contains host category such as 'all'."
+ msgstr ""
+-"Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n"
+
+-#: src/tools/tools_util.c:309
+-msgid "Out of memory\n"
+-msgstr "Mémoire saturée\n"
++#: src/config/SSSDConfig/sssdoptions.py:275
++msgid ""
++"The LDAP attribute that contains all hosts / hostgroups this rule match "
++"against."
++msgstr ""
+
+-#: src/tools/tools_util.h:40
+-#, c-format
+-msgid "%1$s must be run as root\n"
+-msgstr "%1$s doit être lancé en tant que root\n"
++#: src/config/SSSDConfig/sssdoptions.py:277
++msgid ""
++"The LDAP attribute that contains all users / groups this rule match against."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:35
+-msgid "yes"
+-msgstr "oui"
++#: src/config/SSSDConfig/sssdoptions.py:279
++msgid "The LDAP attribute that contains the name of SELinux usermap."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:37
+-msgid "no"
+-msgstr "non"
++#: src/config/SSSDConfig/sssdoptions.py:281
++msgid ""
++"The LDAP attribute that contains DN of HBAC rule which can be used for "
++"matching instead of memberUser and memberHost."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:39
+-msgid "error"
+-msgstr "erreur"
++#: src/config/SSSDConfig/sssdoptions.py:283
++msgid "The LDAP attribute that contains SELinux user string itself."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:42
+-msgid "Invalid result."
+-msgstr "Résultat non valide."
++#: src/config/SSSDConfig/sssdoptions.py:284
++msgid "The LDAP attribute that contains user category such as 'all'."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:78
+-msgid "Unable to read user input\n"
+-msgstr "Impossible de lire l'entrée de l'utilisateur\n"
++#: src/config/SSSDConfig/sssdoptions.py:285
++msgid "The LDAP attribute that contains unique ID of the user map."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:91
+-#, c-format
+-msgid "Invalid input, please provide either '%s' or '%s'.\n"
+-msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:286
++msgid ""
++"The option denotes that the SSSD is running on IPA server and should perform "
++"lookups of users and groups from trusted domains differently."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
+-msgid "Error while executing external command\n"
+-msgstr "Erreur lors de l'exécution d'une commande externe\n"
++#: src/config/SSSDConfig/sssdoptions.py:288
++msgid "Use the given string as search base for trusted domains."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl.c:156
+-msgid "SSSD needs to be running. Start SSSD now?"
+-msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?"
++#: src/config/SSSDConfig/sssdoptions.py:291
++msgid "Active Directory domain"
++msgstr "Domaine Active Directory"
+
+-#: src/tools/sssctl/sssctl.c:195
+-msgid "SSSD must not be running. Stop SSSD now?"
+-msgstr ""
+-"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?"
++#: src/config/SSSDConfig/sssdoptions.py:292
++msgid "Enabled Active Directory domains"
++msgstr "Domaine d’Active Directory activés"
+
+-#: src/tools/sssctl/sssctl.c:231
+-msgid "SSSD needs to be restarted. Restart SSSD now?"
+-msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?"
++#: src/config/SSSDConfig/sssdoptions.py:293
++msgid "Active Directory server address"
++msgstr "Adresse du serveur Active Directory"
+
+-#: src/tools/sssctl/sssctl_cache.c:31
+-#, c-format
+-msgid " %s is not present in cache.\n"
+-msgstr " %s n'est pas présent dans le cache.\n"
++#: src/config/SSSDConfig/sssdoptions.py:294
++msgid "Active Directory backup server address"
++msgstr "Adresse du serveur Active Directory de secours"
+
+-#: src/tools/sssctl/sssctl_cache.c:33
+-msgid "Name"
+-msgstr "Nom"
++#: src/config/SSSDConfig/sssdoptions.py:295
++msgid "Active Directory client hostname"
++msgstr "Nom de système du client Active Directory"
+
+-#: src/tools/sssctl/sssctl_cache.c:34
+-msgid "Cache entry creation date"
+-msgstr "Date de création de l'entrée en cache"
++#: src/config/SSSDConfig/sssdoptions.py:297
++#: src/config/SSSDConfig/sssdoptions.py:488
++msgid "LDAP filter to determine access privileges"
++msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
+
+-#: src/tools/sssctl/sssctl_cache.c:35
+-msgid "Cache entry last update time"
+-msgstr "Heure de la dernière mise à jour de l'entrée du cache"
+-
+-#: src/tools/sssctl/sssctl_cache.c:36
+-msgid "Cache entry expiration time"
+-msgstr "Temps d'expiration de l'entrée du cache"
+-
+-#: src/tools/sssctl/sssctl_cache.c:37
+-msgid "Cached in InfoPipe"
+-msgstr "Mise en cache dans InfoPipe"
+-
+-#: src/tools/sssctl/sssctl_cache.c:522
+-#, c-format
+-msgid "Error: Unable to get object [%d]: %s\n"
+-msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:298
++msgid "Whether to use the Global Catalog for lookups"
++msgstr "Choisir d'utiliser ou non le catalogue global pour les recherches"
+
+-#: src/tools/sssctl/sssctl_cache.c:538
+-#, c-format
+-msgid "%s: Unable to read value [%d]: %s\n"
+-msgstr "%s: Impossible de lire la valeur [%d] : %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:299
++msgid "Operation mode for GPO-based access control"
++msgstr "Mode opératoire pour les contrôles d'accès basé sur les GPO"
+
+-#: src/tools/sssctl/sssctl_cache.c:566
+-msgid "Specify name."
+-msgstr "Indiquez le nom."
++#: src/config/SSSDConfig/sssdoptions.py:300
++msgid ""
++"The amount of time between lookups of the GPO policy files against the AD "
++"server"
++msgstr ""
++"Durée entre les recherches de fichiers de politiques de GPO dans le serveur "
++"AD"
+
+-#: src/tools/sssctl/sssctl_cache.c:576
+-#, c-format
+-msgid "Unable to parse name %s.\n"
+-msgstr "Impossible d'analyser le nom %s.\n"
++#: src/config/SSSDConfig/sssdoptions.py:301
++msgid ""
++"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
++"settings"
++msgstr ""
++"Noms de services PAM correspondant à la configuration de la politique "
++"(Deny)InteractiveLogonRight de la GPO"
+
+-#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
+-msgid "Search by SID"
+-msgstr "Recherche par SID"
++#: src/config/SSSDConfig/sssdoptions.py:303
++msgid ""
++"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
++"policy settings"
++msgstr ""
++"Noms de services PAM correspondant à la configuration de la politique "
++"(Deny)RemoteInteractiveLogonRight de la GPO"
+
+-#: src/tools/sssctl/sssctl_cache.c:603
+-msgid "Search by user ID"
+-msgstr "Recherche par ID utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:305
++msgid ""
++"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
++"settings"
++msgstr ""
++"Noms de services PAM correspondant à la configuration de la politique "
++"(Deny)NetworkLogonRight de la GPO"
+
+-#: src/tools/sssctl/sssctl_cache.c:612
+-msgid "Initgroups expiration time"
+-msgstr "Délai d'expiration des initgroups"
++#: src/config/SSSDConfig/sssdoptions.py:306
++msgid ""
++"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
++msgstr ""
++"Noms de services PAM correspondant à la configuration de la politique "
++"(Deny)BatchLogonRight de la GPO"
+
+-#: src/tools/sssctl/sssctl_cache.c:650
+-msgid "Search by group ID"
+-msgstr "Recherche par ID de groupe"
++#: src/config/SSSDConfig/sssdoptions.py:307
++msgid ""
++"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
++"settings"
++msgstr ""
++"Noms de services PAM correspondant à la configuration de la politique "
++"(Deny)ServiceLogonRight de la GPO"
+
+-#: src/tools/sssctl/sssctl_config.c:70
+-#, c-format
+-msgid "Failed to open %s\n"
+-msgstr "N’a pas pu ouvrir %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:308
++msgid "PAM service names for which GPO-based access is always granted"
++msgstr ""
++"Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
++"toujours autorisés"
+
+-#: src/tools/sssctl/sssctl_config.c:75
+-#, c-format
+-msgid "File %1$s does not exist.\n"
+-msgstr "Le fichier %1$s n’existe pas.\n"
++#: src/config/SSSDConfig/sssdoptions.py:309
++msgid "PAM service names for which GPO-based access is always denied"
++msgstr ""
++"Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
++"toujours interdits"
+
+-#: src/tools/sssctl/sssctl_config.c:79
++#: src/config/SSSDConfig/sssdoptions.py:310
+ msgid ""
+-"File ownership and permissions check failed. Expected root:root and 0600.\n"
++"Default logon right (or permit/deny) to use for unmapped PAM service names"
+ msgstr ""
+-"La vérification de la propriété et des permissions des fichiers a échoué. "
+-"Attendue : root:root et 0600.\n"
+-
+-#: src/tools/sssctl/sssctl_config.c:85
+-#, fuzzy, c-format
+-msgid "Failed to load configuration from %s.\n"
+-msgstr "Echec du chargement de la configuration à partir de %s.\n"
++"Droit de connexion par défaut (ou permission/interdiction) à utiliser pour "
++"les noms de services sans correspondance"
+
+-#: src/tools/sssctl/sssctl_config.c:91
+-msgid "Error while reading configuration directory.\n"
+-msgstr "Erreur lors de la lecture du répertoire de configuration.\n"
++#: src/config/SSSDConfig/sssdoptions.py:311
++msgid "a particular site to be used by the client"
++msgstr "un site particulier utilisé par le client"
+
+-#: src/tools/sssctl/sssctl_config.c:99
++#: src/config/SSSDConfig/sssdoptions.py:312
+ msgid ""
+-"There is no configuration. SSSD will use default configuration with files "
+-"provider.\n"
++"Maximum age in days before the machine account password should be renewed"
+ msgstr ""
+-"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut "
+-"avec le fournisseur de fichiers.\n"
++"Âge maximum en jours avant que le mot de passe du compte de la machine ne "
++"soit renouvelé"
+
+-#: src/tools/sssctl/sssctl_config.c:111
+-msgid "Failed to run validators"
+-msgstr "Échec de l'exécution des validateurs"
++#: src/config/SSSDConfig/sssdoptions.py:314
++msgid "Option for tuning the machine account renewal task"
++msgstr "Option de réglage de la tâche de renouvellement du compte machine"
+
+-#: src/tools/sssctl/sssctl_config.c:115
+-#, c-format
+-msgid "Issues identified by validators: %zu\n"
+-msgstr "Problèmes identifiés par les validateurs : %zu\n"
++#: src/config/SSSDConfig/sssdoptions.py:315
++msgid "Whether to update the machine account password in the Samba database"
++msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:126
+-#, c-format
+-msgid "Messages generated during configuration merging: %zu\n"
+-msgstr "Messages générés lors de la fusion des configurations : %zu\n"
++#: src/config/SSSDConfig/sssdoptions.py:317
++msgid "Use LDAPS port for LDAP and Global Catalog requests"
++msgstr "Utiliser le port LDAPS pour les requêtes LDAP et Catalogue global"
+
+-#: src/tools/sssctl/sssctl_config.c:137
+-#, c-format
+-msgid "Used configuration snippet files: %zu\n"
+-msgstr "Fichiers de configuration utilisés : %zu\n"
++#: src/config/SSSDConfig/sssdoptions.py:320
++#: src/config/SSSDConfig/sssdoptions.py:321
++msgid "Kerberos server address"
++msgstr "Adresse du serveur Kerberos"
+
+-#: src/tools/sssctl/sssctl_data.c:89
+-#, c-format
+-msgid "Unable to create backup directory [%d]: %s"
+-msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
++#: src/config/SSSDConfig/sssdoptions.py:322
++msgid "Kerberos backup server address"
++msgstr "Adresse du serveur Kerberos de secours"
+
+-#: src/tools/sssctl/sssctl_data.c:95
+-msgid "SSSD backup of local data already exists, override?"
+-msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?"
++#: src/config/SSSDConfig/sssdoptions.py:323
++msgid "Kerberos realm"
++msgstr "Domaine Kerberos"
+
+-#: src/tools/sssctl/sssctl_data.c:111
+-msgid "Unable to export user overrides\n"
+-msgstr "Impossible d'exporter les substitutions d'utilisateur\n"
++#: src/config/SSSDConfig/sssdoptions.py:324
++msgid "Authentication timeout"
++msgstr "Délai avant expiration de l'authentification"
+
+-#: src/tools/sssctl/sssctl_data.c:118
+-msgid "Unable to export group overrides\n"
+-msgstr "Impossible d'exporter les substitutions de groupes\n"
++#: src/config/SSSDConfig/sssdoptions.py:325
++msgid "Whether to create kdcinfo files"
++msgstr "Choisir de créer ou non les fichiers kdcinfo"
+
+-#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
+-msgid "Override existing backup"
+-msgstr "Remplacer la sauvegarde existante"
++#: src/config/SSSDConfig/sssdoptions.py:326
++msgid "Where to drop krb5 config snippets"
++msgstr "Où déposer les extraits de configuration krb5"
+
+-#: src/tools/sssctl/sssctl_data.c:164
+-msgid "Unable to import user overrides\n"
+-msgstr "Impossible d'importer les substitutions d'utilisateur\n"
++#: src/config/SSSDConfig/sssdoptions.py:329
++msgid "Directory to store credential caches"
++msgstr "Répertoire pour stocker les caches de crédits"
+
+-#: src/tools/sssctl/sssctl_data.c:173
+-msgid "Unable to import group overrides\n"
+-msgstr "Impossible d'importer les substitutions de groupes\n"
++#: src/config/SSSDConfig/sssdoptions.py:330
++msgid "Location of the user's credential cache"
++msgstr "Emplacement du cache de crédits de l'utilisateur"
+
+-#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
+-#: src/tools/sssctl/sssctl_domains.c:328
+-msgid "Start SSSD if it is not running"
+-msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution"
++#: src/config/SSSDConfig/sssdoptions.py:331
++msgid "Location of the keytab to validate credentials"
++msgstr "Emplacement du fichier keytab de validation des crédits"
+
+-#: src/tools/sssctl/sssctl_data.c:195
+-msgid "Restart SSSD after data import"
+-msgstr "Redémarrer SSSD après l'importation des données"
++#: src/config/SSSDConfig/sssdoptions.py:332
++msgid "Enable credential validation"
++msgstr "Activer la validation des crédits"
+
+-#: src/tools/sssctl/sssctl_data.c:218
+-msgid "Create clean cache files and import local data"
+-msgstr "Créer des fichiers de cache propres et importer des données locales"
++#: src/config/SSSDConfig/sssdoptions.py:333
++msgid "Store password if offline for later online authentication"
++msgstr ""
++"Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
++"en ligne"
+
+-#: src/tools/sssctl/sssctl_data.c:219
+-msgid "Stop SSSD before removing the cache"
+-msgstr "Arrêtez SSSD avant de supprimer le cache"
++#: src/config/SSSDConfig/sssdoptions.py:334
++msgid "Renewable lifetime of the TGT"
++msgstr "Durée de vie renouvelable du TGT"
+
+-#: src/tools/sssctl/sssctl_data.c:220
+-msgid "Start SSSD when the cache is removed"
+-msgstr "Démarrer SSSD lorsque le cache est supprimé"
++#: src/config/SSSDConfig/sssdoptions.py:335
++msgid "Lifetime of the TGT"
++msgstr "Durée de vie du TGT"
+
+-#: src/tools/sssctl/sssctl_data.c:235
+-msgid "Creating backup of local data...\n"
+-msgstr "Création d'une sauvegarde des données locales...\n"
++#: src/config/SSSDConfig/sssdoptions.py:336
++msgid "Time between two checks for renewal"
++msgstr "Durée entre deux vérifications pour le renouvellement"
+
+-#: src/tools/sssctl/sssctl_data.c:238
+-msgid "Unable to create backup of local data, can not remove the cache.\n"
+-msgstr ""
+-"Impossible de créer une sauvegarde des données locales, impossible de "
+-"supprimer le cache.\n"
++#: src/config/SSSDConfig/sssdoptions.py:337
++msgid "Enables FAST"
++msgstr "Active FAST"
+
+-#: src/tools/sssctl/sssctl_data.c:243
+-msgid "Removing cache files...\n"
+-msgstr "Suppression des fichiers de cache...\n"
++#: src/config/SSSDConfig/sssdoptions.py:338
++msgid "Selects the principal to use for FAST"
++msgstr "Sélectionne le principal à utiliser avec FAST"
+
+-#: src/tools/sssctl/sssctl_data.c:246
+-msgid "Unable to remove cache files\n"
+-msgstr "Impossible de supprimer les fichiers de cache\n"
++#: src/config/SSSDConfig/sssdoptions.py:339
++msgid "Enables principal canonicalization"
++msgstr "Active la canonisation du principal"
+
+-#: src/tools/sssctl/sssctl_data.c:251
+-msgid "Restoring local data...\n"
+-msgstr "Restauration des données locales...\n"
++#: src/config/SSSDConfig/sssdoptions.py:340
++msgid "Enables enterprise principals"
++msgstr "Active les principals d'entreprise"
+
+-#: src/tools/sssctl/sssctl_domains.c:83
+-msgid "Show domain list including primary or trusted domain type"
++#: src/config/SSSDConfig/sssdoptions.py:341
++msgid "A mapping from user names to Kerberos principal names"
+ msgstr ""
+-"Afficher la liste des domaines, y compris le type de domaine principal ou de "
+-"confiance"
++"Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos"
+
+-#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
+-#: src/tools/sssctl/sssctl_user_checks.c:95
+-msgid "Unable to connect to system bus!\n"
+-msgstr "Impossible de se connecter au bus système !\n"
++#: src/config/SSSDConfig/sssdoptions.py:344
++#: src/config/SSSDConfig/sssdoptions.py:345
++msgid "Server where the change password service is running if not on the KDC"
++msgstr ""
++"Serveur où tourne le service de changement de mot de passe s'il n'est pas "
++"sur le KDC"
+
+-#: src/tools/sssctl/sssctl_domains.c:167
+-msgid "Online"
+-msgstr "En ligne"
++#: src/config/SSSDConfig/sssdoptions.py:348
++msgid "ldap_uri, The URI of the LDAP server"
++msgstr "ldap_uri, l'adresse du serveur LDAP"
+
+-#: src/tools/sssctl/sssctl_domains.c:167
+-msgid "Offline"
+-msgstr "Hors ligne"
++#: src/config/SSSDConfig/sssdoptions.py:349
++msgid "ldap_backup_uri, The URI of the LDAP server"
++msgstr "ldap_backup_uri, l'URI du serveur LDAP"
+
+-#: src/tools/sssctl/sssctl_domains.c:167
+-#, c-format
+-msgid "Online status: %s\n"
+-msgstr "Statut en ligne : %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:350
++msgid "The default base DN"
++msgstr "La base DN par défaut"
+
+-#: src/tools/sssctl/sssctl_domains.c:213
+-msgid "This domain has no active servers.\n"
+-msgstr "Ce domaine n'a pas de serveurs actifs.\n"
++#: src/config/SSSDConfig/sssdoptions.py:351
++msgid "The Schema Type in use on the LDAP server, rfc2307"
++msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
+
+-#: src/tools/sssctl/sssctl_domains.c:218
+-msgid "Active servers:\n"
+-msgstr "Serveurs actifs :\n"
++#: src/config/SSSDConfig/sssdoptions.py:352
++msgid "Mode used to change user password"
++msgstr "Mode utilisé pour modifier le mot de passe utilisateur"
+
+-#: src/tools/sssctl/sssctl_domains.c:230
+-msgid "not connected"
+-msgstr "non connecté"
++#: src/config/SSSDConfig/sssdoptions.py:353
++msgid "The default bind DN"
++msgstr "Le DN de connexion par défaut"
+
+-#: src/tools/sssctl/sssctl_domains.c:267
+-msgid "No servers discovered.\n"
+-msgstr "Aucun serveur découvert.\n"
++#: src/config/SSSDConfig/sssdoptions.py:354
++msgid "The type of the authentication token of the default bind DN"
++msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
+
+-#: src/tools/sssctl/sssctl_domains.c:273
+-#, c-format
+-msgid "Discovered %s servers:\n"
+-msgstr "%s serveurs découverts :\n"
++#: src/config/SSSDConfig/sssdoptions.py:355
++msgid "The authentication token of the default bind DN"
++msgstr "Le jeton d'authentification du DN de connexion par défaut"
+
+-#: src/tools/sssctl/sssctl_domains.c:285
+-msgid "None so far.\n"
+-msgstr "Aucun pour l'instant.\n"
++#: src/config/SSSDConfig/sssdoptions.py:356
++msgid "Length of time to attempt connection"
++msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
+
+-#: src/tools/sssctl/sssctl_domains.c:325
+-msgid "Show online status"
+-msgstr "Afficher le statut en ligne"
++#: src/config/SSSDConfig/sssdoptions.py:357
++msgid "Length of time to attempt synchronous LDAP operations"
++msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
+
+-#: src/tools/sssctl/sssctl_domains.c:326
+-msgid "Show information about active server"
+-msgstr "Afficher les informations sur le serveur actif"
++#: src/config/SSSDConfig/sssdoptions.py:358
++msgid "Length of time between attempts to reconnect while offline"
++msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
+
+-#: src/tools/sssctl/sssctl_domains.c:327
+-msgid "Show list of discovered servers"
+-msgstr "Afficher la liste des serveurs découverts"
++#: src/config/SSSDConfig/sssdoptions.py:359
++msgid "Use only the upper case for realm names"
++msgstr "N'utiliser que des majuscules pour les noms de domaine"
+
+-#: src/tools/sssctl/sssctl_domains.c:333
+-msgid "Specify domain name."
+-msgstr "Indiquer le nom de domaine."
++#: src/config/SSSDConfig/sssdoptions.py:360
++msgid "File that contains CA certificates"
++msgstr "Fichier contenant les certificats des CA"
+
+-#: src/tools/sssctl/sssctl_domains.c:355
+-msgid "Out of memory!\n"
+-msgstr "Plus de mémoire disponible !\n"
++#: src/config/SSSDConfig/sssdoptions.py:361
++msgid "Path to CA certificate directory"
++msgstr "Chemin vers le répertoire de certificats des CA"
+
+-#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
+-msgid "Unable to get online status\n"
+-msgstr "Impossible d'obtenir le statut en ligne\n"
++#: src/config/SSSDConfig/sssdoptions.py:362
++msgid "File that contains the client certificate"
++msgstr "Fichier contenant le certificat client"
+
+-#: src/tools/sssctl/sssctl_domains.c:395
+-msgid "Unable to get server list\n"
+-msgstr "Impossible d'obtenir la liste des serveurs\n"
++#: src/config/SSSDConfig/sssdoptions.py:363
++msgid "File that contains the client key"
++msgstr "Fichier contenant la clé du client"
+
+-#: src/tools/sssctl/sssctl_logs.c:46
+-msgid "\n"
+-msgstr "\n"
++#: src/config/SSSDConfig/sssdoptions.py:364
++msgid "List of possible ciphers suites"
++msgstr "Liste des suites de chiffrement possibles"
+
+-#: src/tools/sssctl/sssctl_logs.c:236
+-msgid "Delete log files instead of truncating"
+-msgstr "Supprimer les fichiers de log au lieu de tronquer"
++#: src/config/SSSDConfig/sssdoptions.py:365
++msgid "Require TLS certificate verification"
++msgstr "Requiert une vérification de certificat TLS"
+
+-#: src/tools/sssctl/sssctl_logs.c:247
+-msgid "Deleting log files...\n"
+-msgstr "Suppression des fichiers journaux...\n"
++#: src/config/SSSDConfig/sssdoptions.py:366
++msgid "Specify the sasl mechanism to use"
++msgstr "Spécifier le mécanisme SASL à utiliser"
+
+-#: src/tools/sssctl/sssctl_logs.c:250
+-msgid "Unable to remove log files\n"
+-msgstr "Impossible de supprimer les fichiers journaux\n"
++#: src/config/SSSDConfig/sssdoptions.py:367
++msgid "Specify the sasl authorization id to use"
++msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
+
+-#: src/tools/sssctl/sssctl_logs.c:256
+-msgid "Truncating log files...\n"
+-msgstr "Troncature des fichiers de journalisation...\n"
++#: src/config/SSSDConfig/sssdoptions.py:368
++msgid "Specify the sasl authorization realm to use"
++msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
+
+-#: src/tools/sssctl/sssctl_logs.c:259
+-msgid "Unable to truncate log files\n"
+-msgstr "Impossible de tronquer les fichiers de journalisation\n"
++#: src/config/SSSDConfig/sssdoptions.py:369
++msgid "Specify the minimal SSF for LDAP sasl authorization"
++msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
+
+-#: src/tools/sssctl/sssctl_logs.c:285
+-msgid "Out of memory!"
+-msgstr "Plus de mémoire disponible !"
++#: src/config/SSSDConfig/sssdoptions.py:370
++msgid "Specify the maximal SSF for LDAP sasl authorization"
++msgstr "Spécifie le SFF maximal pour l'autorisation sasl LDAP"
+
+-#: src/tools/sssctl/sssctl_logs.c:288
+-#, c-format
+-msgid "Archiving log files into %s...\n"
+-msgstr "Archivage des fichiers journaux dans %s...\n"
++#: src/config/SSSDConfig/sssdoptions.py:371
++msgid "Kerberos service keytab"
++msgstr "Service du fichier keytab de Kerberos"
+
+-#: src/tools/sssctl/sssctl_logs.c:291
+-msgid "Unable to archive log files\n"
+-msgstr "Impossible d'archiver les fichiers journaux\n"
++#: src/config/SSSDConfig/sssdoptions.py:372
++msgid "Use Kerberos auth for LDAP connection"
++msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
+
+-#: src/tools/sssctl/sssctl_logs.c:316
+-msgid "Specify debug level you want to set"
+-msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
++#: src/config/SSSDConfig/sssdoptions.py:373
++msgid "Follow LDAP referrals"
++msgstr "Suivre les référents LDAP"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:117
+-msgid "SSSD InfoPipe user lookup result:\n"
+-msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n"
++#: src/config/SSSDConfig/sssdoptions.py:374
++msgid "Lifetime of TGT for LDAP connection"
++msgstr "Durée de vie du TGT pour la connexion LDAP"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:167
+-#, c-format
+-msgid "dlopen failed with [%s].\n"
+-msgstr "dlopen a échoué avec [%s].\n"
++#: src/config/SSSDConfig/sssdoptions.py:375
++msgid "How to dereference aliases"
++msgstr "Comment déréférencer les alias"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:174
+-#, c-format
+-msgid "dlsym failed with [%s].\n"
+-msgstr "dlopen a échoué avec [%s].\n"
++#: src/config/SSSDConfig/sssdoptions.py:376
++msgid "Service name for DNS service lookups"
++msgstr "Nom du service pour les recherches DNS"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:182
+-msgid "malloc failed.\n"
+-msgstr "malloc a échoué.\n"
++#: src/config/SSSDConfig/sssdoptions.py:377
++msgid "The number of records to retrieve in a single LDAP query"
++msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:189
+-#, c-format
+-msgid "sss_getpwnam_r failed with [%d].\n"
+-msgstr "sss_getpwnam_r a échoué avec [%d].\n"
++#: src/config/SSSDConfig/sssdoptions.py:378
++msgid "The number of members that must be missing to trigger a full deref"
++msgstr ""
++"Nombre de membres qui doivent être manquants pour activer un déréférencement "
++"complet"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:194
+-msgid "SSSD nss user lookup result:\n"
+-msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n"
++#: src/config/SSSDConfig/sssdoptions.py:379
++msgid ""
++"Whether the LDAP library should perform a reverse lookup to canonicalize the "
++"host name during a SASL bind"
++msgstr ""
++"Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
++"nom d'hôte pendant une connexion SASL ?"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:195
+-#, c-format
+-msgid " - user name: %s\n"
+-msgstr " - user name: %s\n"
+-
+-#: src/tools/sssctl/sssctl_user_checks.c:196
+-#, c-format
+-msgid " - user id: %d\n"
+-msgstr " - user id: %d\n"
+-
+-#: src/tools/sssctl/sssctl_user_checks.c:197
+-#, c-format
+-msgid " - group id: %d\n"
+-msgstr " - group id: %d\n"
++#: src/config/SSSDConfig/sssdoptions.py:381
++msgid ""
++"Allows to retain local users as members of an LDAP group for servers that "
++"use the RFC2307 schema."
++msgstr ""
+
+-#: src/tools/sssctl/sssctl_user_checks.c:198
+-#, c-format
+-msgid " - gecos: %s\n"
+-msgstr " - gecos: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:384
++msgid "entryUSN attribute"
++msgstr "attribut entryUSN"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:199
+-#, c-format
+-msgid " - home directory: %s\n"
+-msgstr " - home directory: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:385
++msgid "lastUSN attribute"
++msgstr "attribut lastUSN"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:200
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:387
+ msgid ""
+-" - shell: %s\n"
+-"\n"
++"How long to retain a connection to the LDAP server before disconnecting"
+ msgstr ""
+-" - shell: %s\n"
+-"\n"
++"Combien de temps conserver la connexion au serveur LDAP avant de se "
++"déconnecter"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:232
+-msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
+-msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : "
++#: src/config/SSSDConfig/sssdoptions.py:390
++msgid "Disable the LDAP paging control"
++msgstr "Désactiver le contrôle des pages LDAP"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:235
+-msgid "PAM service, default: "
+-msgstr "Service PAM, par défaut : "
++#: src/config/SSSDConfig/sssdoptions.py:391
++msgid "Disable Active Directory range retrieval"
++msgstr "Désactiver la récupération de plage Active Directory."
+
+-#: src/tools/sssctl/sssctl_user_checks.c:240
+-msgid "Specify user name."
+-msgstr "Spécifiez le nom d'utilisateur."
++#: src/config/SSSDConfig/sssdoptions.py:394
++msgid "Length of time to wait for a search request"
++msgstr "Durée d'attente pour une requête de recherche"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:247
+-#, c-format
+-msgid ""
+-"user: %s\n"
+-"action: %s\n"
+-"service: %s\n"
+-"\n"
+-msgstr ""
+-"utilisateur: %s\n"
+-"action: %s\n"
+-"service: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:395
++msgid "Length of time to wait for a enumeration request"
++msgstr "Durée d'attente pour une requête d'énumération"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:252
+-#, c-format
+-msgid "User name lookup with [%s] failed.\n"
+-msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n"
++#: src/config/SSSDConfig/sssdoptions.py:396
++msgid "Length of time between enumeration updates"
++msgstr "Durée entre deux mises à jour d'énumération"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:257
+-#, c-format
+-msgid "InfoPipe User lookup with [%s] failed.\n"
+-msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n"
++#: src/config/SSSDConfig/sssdoptions.py:397
++msgid "Length of time between cache cleanups"
++msgstr "Durée entre les nettoyages de cache"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:263
+-#, c-format
+-msgid "pam_start failed: %s\n"
+-msgstr "pam_start a échoué : %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:398
++msgid "Require TLS for ID lookups"
++msgstr "TLS est requis pour les recherches d'identifiants"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:268
+-msgid ""
+-"testing pam_authenticate\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:399
++msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+ msgstr ""
+-"test de pam_authenticate\n"
+-"\n"
++"Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
++"établis"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:272
+-#, c-format
+-msgid "pam_get_item failed: %s\n"
+-msgstr "pam_get_item a échoué : %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:400
++msgid "Base DN for user lookups"
++msgstr "Base DN pour les recherches d'utilisateurs"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:275
+-#, c-format
+-msgid ""
+-"pam_authenticate for user [%s]: %s\n"
+-"\n"
+-msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:401
++msgid "Scope of user lookups"
++msgstr "Scope des recherches d'utilisateurs"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:278
+-msgid ""
+-"testing pam_chauthtok\n"
+-"\n"
+-msgstr ""
+-"test pam_chauthtok\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:402
++msgid "Filter for user lookups"
++msgstr "Filtre pour les recherches d'utilisateurs"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:280
+-#, c-format
+-msgid ""
+-"pam_chauthtok: %s\n"
+-"\n"
+-msgstr ""
+-"pam_chauthtok: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:403
++msgid "Objectclass for users"
++msgstr "Classe d'objet pour les utilisateurs"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:282
+-msgid ""
+-"testing pam_acct_mgmt\n"
+-"\n"
+-msgstr ""
+-"test de pam_acct_mgmt\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:404
++msgid "Username attribute"
++msgstr "Attribut de nom d'utilisateur"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:284
+-#, c-format
+-msgid ""
+-"pam_acct_mgmt: %s\n"
+-"\n"
+-msgstr ""
+-"pam_acct_mgmt: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:405
++msgid "UID attribute"
++msgstr "Attribut UID"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:286
+-msgid ""
+-"testing pam_setcred\n"
+-"\n"
+-msgstr ""
+-"test de pam_setcred\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:406
++msgid "Primary GID attribute"
++msgstr "Attribut de GID primaire"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:288
+-#, c-format
+-msgid ""
+-"pam_setcred: [%s]\n"
+-"\n"
+-msgstr ""
+-"pam_setcred: [%s]\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:407
++msgid "GECOS attribute"
++msgstr "Attribut GECOS"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:290
+-msgid ""
+-"testing pam_open_session\n"
+-"\n"
+-msgstr ""
+-"test pam_open_session\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:408
++msgid "Home directory attribute"
++msgstr "Attribut de répertoire utilisateur"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:292
+-#, c-format
+-msgid ""
+-"pam_open_session: %s\n"
+-"\n"
+-msgstr ""
+-"pam_open_session: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:409
++msgid "Shell attribute"
++msgstr "Attribut d'interpréteur de commandes"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:294
+-msgid ""
+-"testing pam_close_session\n"
+-"\n"
+-msgstr ""
+-"test pam_close_session\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:410
++msgid "UUID attribute"
++msgstr "attribut UUID"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:296
+-#, c-format
+-msgid ""
+-"pam_close_session: %s\n"
+-"\n"
+-msgstr ""
+-"pam_close_session: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:411
++#: src/config/SSSDConfig/sssdoptions.py:449
++msgid "objectSID attribute"
++msgstr "attribut objectSID"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:298
+-msgid "unknown action\n"
+-msgstr "action inconnue\n"
++#: src/config/SSSDConfig/sssdoptions.py:412
++msgid "Active Directory primary group attribute for ID-mapping"
++msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:301
+-msgid "PAM Environment:\n"
+-msgstr "Environnement PAM :\n"
++#: src/config/SSSDConfig/sssdoptions.py:413
++msgid "User principal attribute (for Kerberos)"
++msgstr "Attribut d'utilisateur principal (pour Kerberos)"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:309
+-msgid " - no env -\n"
+-msgstr " - no env -\n"
++#: src/config/SSSDConfig/sssdoptions.py:414
++msgid "Full Name"
++msgstr "Nom complet"
+
+-#: src/util/util.h:82
+-msgid "The user ID to run the server as"
+-msgstr "L'identifiant utilisateur sous lequel faire tourner le serveur"
++#: src/config/SSSDConfig/sssdoptions.py:415
++msgid "memberOf attribute"
++msgstr "Attribut memberOf"
+
+-#: src/util/util.h:84
+-msgid "The group ID to run the server as"
+-msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
++#: src/config/SSSDConfig/sssdoptions.py:416
++msgid "Modification time attribute"
++msgstr "Attribut de date de modification"
+
+-#: src/util/util.h:92
+-msgid "Informs that the responder has been socket-activated"
+-msgstr "Informe que le répondeur a été activé par un socket"
++#: src/config/SSSDConfig/sssdoptions.py:417
++msgid "shadowLastChange attribute"
++msgstr "Attribut shadowLastChange"
+
+-#: src/util/util.h:94
+-msgid "Informs that the responder has been dbus-activated"
+-msgstr "Informe que le répondeur a été activé par un dbus"
++#: src/config/SSSDConfig/sssdoptions.py:418
++msgid "shadowMin attribute"
++msgstr "Attribut shadowMin"
+
+-#~ msgid "Set the verbosity of the debug logging"
+-#~ msgstr "Définir le niveau de détails de la sortie de débogage"
++#: src/config/SSSDConfig/sssdoptions.py:419
++msgid "shadowMax attribute"
++msgstr "Attribut shadowMax"
+
+-#~ msgid "Include timestamps in debug logs"
+-#~ msgstr "Ajouter l'horodatage dans les fichiers de débogage"
++#: src/config/SSSDConfig/sssdoptions.py:420
++msgid "shadowWarning attribute"
++msgstr "Attribut shadowWarning"
+
+-#~ msgid "Include microseconds in timestamps in debug logs"
+-#~ msgstr ""
+-#~ "Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
++#: src/config/SSSDConfig/sssdoptions.py:421
++msgid "shadowInactive attribute"
++msgstr "Attribut shadowInactive"
+
+-#~ msgid "Write debug messages to logfiles"
+-#~ msgstr "Écrire les messages de débogage dans les journaux"
++#: src/config/SSSDConfig/sssdoptions.py:422
++msgid "shadowExpire attribute"
++msgstr "Attribut shadowExpire"
+
+-#~ msgid "Watchdog timeout before restarting service"
+-#~ msgstr "Délai de surveillance avant le redémarrage du service"
++#: src/config/SSSDConfig/sssdoptions.py:423
++msgid "shadowFlag attribute"
++msgstr "Attribut shadowFlag"
+
+-#~ msgid "Command to start service"
+-#~ msgstr "Commande pour démarrer le service"
++#: src/config/SSSDConfig/sssdoptions.py:424
++msgid "Attribute listing authorized PAM services"
++msgstr "Attribut listant les services PAM autorisés"
+
+-#~ msgid "Number of times to attempt connection to Data Providers"
+-#~ msgstr ""
+-#~ "Nombre d'essais pour tenter de se connecter au fournisseur de données"
++#: src/config/SSSDConfig/sssdoptions.py:425
++msgid "Attribute listing authorized server hosts"
++msgstr "Attribut listant les hôtes de serveurs autorisés"
+
+-#~ msgid "The number of file descriptors that may be opened by this responder"
+-#~ msgstr ""
+-#~ "Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
+-#~ "répondeur"
++#: src/config/SSSDConfig/sssdoptions.py:426
++msgid "Attribute listing authorized server rhosts"
++msgstr "Attribut listant les rhosts de serveurs autorisés"
+
+-#~ msgid "Idle time before automatic disconnection of a client"
+-#~ msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
++#: src/config/SSSDConfig/sssdoptions.py:427
++msgid "krbLastPwdChange attribute"
++msgstr "Attribut krbLastPwdChange"
+
+-#~ msgid "Idle time before automatic shutdown of the responder"
+-#~ msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur"
++#: src/config/SSSDConfig/sssdoptions.py:428
++msgid "krbPasswordExpiration attribute"
++msgstr "Attribut krbPasswordExpiration"
+
+-#~ msgid "Always query all the caches before querying the Data Providers"
+-#~ msgstr ""
+-#~ "Interrogez toujours tous les caches avant d'interroger les fournisseurs "
+-#~ "de données"
++#: src/config/SSSDConfig/sssdoptions.py:429
++msgid "Attribute indicating that server side password policies are active"
++msgstr ""
++"Attribut indiquant que la stratégie de mot de passe du serveur est active"
++
++#: src/config/SSSDConfig/sssdoptions.py:430
++msgid "accountExpires attribute of AD"
++msgstr "Attribut AD accountExpires"
++
++#: src/config/SSSDConfig/sssdoptions.py:431
++msgid "userAccountControl attribute of AD"
++msgstr "Attribut AD userAccountControl"
++
++#: src/config/SSSDConfig/sssdoptions.py:432
++msgid "nsAccountLock attribute"
++msgstr "Attribut nsAccountLock"
+
+-#~ msgid "SSSD Services to start"
+-#~ msgstr "Services SSSD à démarrer"
++#: src/config/SSSDConfig/sssdoptions.py:433
++msgid "loginDisabled attribute of NDS"
++msgstr "Attribut NDS loginDisabled"
+
+-#~ msgid "SSSD Domains to start"
+-#~ msgstr "Domaines SSSD à démarrer"
++#: src/config/SSSDConfig/sssdoptions.py:434
++msgid "loginExpirationTime attribute of NDS"
++msgstr "Attribut NDS loginExpirationTime"
+
+-#~ msgid "Timeout for messages sent over the SBUS"
+-#~ msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
++#: src/config/SSSDConfig/sssdoptions.py:435
++msgid "loginAllowedTimeMap attribute of NDS"
++msgstr "Attribut NDS loginAllowedTimeMap"
+
+-#~ msgid "Regex to parse username and domain"
+-#~ msgstr ""
+-#~ "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
++#: src/config/SSSDConfig/sssdoptions.py:436
++msgid "SSH public key attribute"
++msgstr "Attribut de clé public SSH"
+
+-#~ msgid "Printf-compatible format for displaying fully-qualified names"
+-#~ msgstr ""
+-#~ "Format compatible printf d'affichage des noms complétement qualifiés"
++#: src/config/SSSDConfig/sssdoptions.py:437
++msgid "attribute listing allowed authentication types for a user"
++msgstr ""
++"attribut énumérant les types d'authentification autorisés pour un "
++"utilisateur"
++
++#: src/config/SSSDConfig/sssdoptions.py:438
++msgid "attribute containing the X509 certificate of the user"
++msgstr "attribut contenant le certificat X509 de l'utilisateur"
+
+-#~ msgid ""
+-#~ "Directory on the filesystem where SSSD should store Kerberos replay cache "
+-#~ "files."
+-#~ msgstr ""
+-#~ "Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
+-#~ "relecture de Kerberos."
++#: src/config/SSSDConfig/sssdoptions.py:439
++msgid "attribute containing the email address of the user"
++msgstr "attribut contenant l’adresse email de l'utilisateur"
+
+-#~ msgid "Domain to add to names without a domain component."
+-#~ msgstr "Domaine à ajouter aux noms sans composant de nom de domaine."
++#: src/config/SSSDConfig/sssdoptions.py:440
++msgid "A list of extra attributes to download along with the user entry"
++msgstr ""
++"Une liste des attributs supplémentaires à télécharger avec l'entrée de "
++"l'utilisateur"
+
+-#~ msgid "The user to drop privileges to"
+-#~ msgstr "L'utilisation vers lequel abandonner les privilèges"
++#: src/config/SSSDConfig/sssdoptions.py:442
++msgid "Base DN for group lookups"
++msgstr "DN de base pour les recherches de groupes"
+
+-#~ msgid "Tune certificate verification"
+-#~ msgstr "Régler la vérification du certificat"
++#: src/config/SSSDConfig/sssdoptions.py:443
++msgid "Objectclass for groups"
++msgstr "Classe d'objet pour les groupes"
+
+-#~ msgid ""
+-#~ "All spaces in group or user names will be replaced with this character"
+-#~ msgstr ""
+-#~ "Tous les espaces dans les noms de groupes ou d'utilisateurs seront "
+-#~ "remplacés par ce caractère"
++#: src/config/SSSDConfig/sssdoptions.py:444
++msgid "Group name"
++msgstr "Nom du groupe"
+
+-#~ msgid "Tune sssd to honor or ignore netlink state changes"
+-#~ msgstr ""
+-#~ "Régler sssd pour honorer ou ignorer les changements d'état du netlink"
++#: src/config/SSSDConfig/sssdoptions.py:445
++msgid "Group password"
++msgstr "Mot de passe du groupe"
+
+-#~ msgid "Enable or disable the implicit files domain"
+-#~ msgstr "Activer ou désactiver le domaine des fichiers implicites"
++#: src/config/SSSDConfig/sssdoptions.py:446
++msgid "GID attribute"
++msgstr "Attribut GID"
+
+-#~ msgid "A specific order of the domains to be looked up"
+-#~ msgstr "Un ordre spécifique des domaines à rechercher"
++#: src/config/SSSDConfig/sssdoptions.py:447
++msgid "Group member attribute"
++msgstr "Attribut membre du groupe"
+
+-#~ msgid "Enumeration cache timeout length (seconds)"
+-#~ msgstr "Délai d'attente du cache d'énumération (en secondes)"
++#: src/config/SSSDConfig/sssdoptions.py:448
++msgid "Group UUID attribute"
++msgstr "attribut de l'UUID du groupe"
+
+-#~ msgid "Entry cache background update timeout length (seconds)"
+-#~ msgstr ""
+-#~ "Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
+-#~ "secondes)"
++#: src/config/SSSDConfig/sssdoptions.py:450
++msgid "Modification time attribute for groups"
++msgstr "Attribut de date de modification pour les groupes"
+
+-#~ msgid "Negative cache timeout length (seconds)"
+-#~ msgstr "Délai d'attente du cache négatif (en secondes)"
++#: src/config/SSSDConfig/sssdoptions.py:451
++msgid "Type of the group and other flags"
++msgstr "Type de groupe et autres indicateurs"
+
+-#~ msgid "Files negative cache timeout length (seconds)"
+-#~ msgstr "Délai d'attente du cache négatif (en secondes)"
+-
+-#~ msgid "Users that SSSD should explicitly ignore"
+-#~ msgstr "Utilisateurs que SSSD doit explicitement ignorer"
+-
+-#~ msgid "Groups that SSSD should explicitly ignore"
+-#~ msgstr "Groupes que SSSD doit explicitement ignorer"
+-
+-#~ msgid "Should filtered users appear in groups"
+-#~ msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
+-
+-#~ msgid "The value of the password field the NSS provider should return"
+-#~ msgstr ""
+-#~ "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
+-
+-#~ msgid "Override homedir value from the identity provider with this value"
+-#~ msgstr ""
+-#~ "Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
+-#~ "fournisseur d'identité"
+-
+-#~ msgid ""
+-#~ "Substitute empty homedir value from the identity provider with this value"
+-#~ msgstr ""
+-#~ "Substitution de la valeur homedir vide du fournisseur d'identité avec "
+-#~ "cette valeur"
++#: src/config/SSSDConfig/sssdoptions.py:452
++msgid "The LDAP group external member attribute"
++msgstr "L'attribut de membre externe du groupe LDAP"
+
+-#~ msgid "Override shell value from the identity provider with this value"
+-#~ msgstr ""
+-#~ "Écraser le shell donné par le fournisseur d'identité avec cette valeur"
++#: src/config/SSSDConfig/sssdoptions.py:453
++msgid "Maximum nesting level SSSD will follow"
++msgstr "Le niveau d'imbrication maximal du SSSD suivra"
+
+-#~ msgid "The list of shells users are allowed to log in with"
+-#~ msgstr ""
+-#~ "Liste des interpréteurs de commandes utilisateurs autorisés pour se "
+-#~ "connecter"
+-
+-#~ msgid ""
+-#~ "The list of shells that will be vetoed, and replaced with the fallback "
+-#~ "shell"
+-#~ msgstr ""
+-#~ "Liste des interpréteurs de commandes bannis et remplacés par celui par "
+-#~ "défaut"
+-
+-#~ msgid ""
+-#~ "If a shell stored in central directory is allowed but not available, use "
+-#~ "this fallback"
+-#~ msgstr ""
+-#~ "Si un interpréteur de commandes stocké dans l'annuaire central est "
+-#~ "autorisé mais indisponible, utiliser à défaut celui-ci"
+-
+-#~ msgid "Shell to use if the provider does not list one"
+-#~ msgstr "Shell à utiliser si le fournisseur n'en propose aucun"
+-
+-#~ msgid "How long will be in-memory cache records valid"
+-#~ msgstr "Durée de maintien en cache des enregistrements valides"
+-
+-#~ msgid "List of user attributes the NSS responder is allowed to publish"
+-#~ msgstr ""
+-#~ "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
+-
+-#~ msgid "How long to allow cached logins between online logins (days)"
+-#~ msgstr ""
+-#~ "Délai pendant lequel les connexions utilisant le cache sont autorisées "
+-#~ "entre deux connexions en ligne (en jours)"
+-
+-#~ msgid "How many failed logins attempts are allowed when offline"
+-#~ msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
+-
+-#~ msgid ""
+-#~ "How long (minutes) to deny login after offline_failed_login_attempts has "
+-#~ "been reached"
+-#~ msgstr ""
+-#~ "Durée d'interdiction de connexion après que offline_failed_login_attempts "
+-#~ "est atteint (en minutes)"
+-
+-#~ msgid ""
+-#~ "What kind of messages are displayed to the user during authentication"
+-#~ msgstr ""
+-#~ "Quels types de messages sont affichés à l'utilisateur pendant "
+-#~ "l'authentification"
+-
+-#~ msgid "Filter PAM responses sent to the pam_sss"
+-#~ msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss"
+-
+-#~ msgid ""
+-#~ "How many seconds to keep identity information cached for PAM requests"
+-#~ msgstr ""
+-#~ "Durée en secondes pendant laquelle les informations d'identité sont "
+-#~ "gardées en cache pour les requêtes PAM"
+-
+-#~ msgid ""
+-#~ "How many days before password expiration a warning should be displayed"
+-#~ msgstr ""
+-#~ "Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
+-#~ "avertissement doit être affiché"
+-
+-#~ msgid "List of trusted uids or user's name"
+-#~ msgstr "Liste des uid ou noms d'utilisateurs dignes de confiance"
+-
+-#~ msgid "List of domains accessible even for untrusted users."
+-#~ msgstr ""
+-#~ "Liste des domaines accessibles y compris par les utilisateurs non dignes "
+-#~ "de confiance"
+-
+-#~ msgid "Message printed when user account is expired."
+-#~ msgstr "Message affiché lorsque le compte a expiré"
+-
+-#~ msgid "Message printed when user account is locked."
+-#~ msgstr "Message affiché lorsque le compte a expiré"
+-
+-#~ msgid "Allow certificate based/Smartcard authentication."
+-#~ msgstr "Autoriser l'authentification par certificat/carte à puce."
+-
+-#~ msgid "Path to certificate database with PKCS#11 modules."
+-#~ msgstr ""
+-#~ "Chemin d'accès à la base de données des certificats des modules PKCS#11."
+-
+-#~ msgid "How many seconds will pam_sss wait for p11_child to finish"
+-#~ msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child"
+-
+-#~ msgid "Which PAM services are permitted to contact application domains"
+-#~ msgstr ""
+-#~ "Quels services PAM sont autorisés à contacter les domaines d'application"
+-
+-#~ msgid "Allowed services for using smartcards"
+-#~ msgstr "Services autorisés pour l'utilisation de cartes à puce"
+-
+-#~ msgid "Additional timeout to wait for a card if requested"
+-#~ msgstr ""
+-#~ "Délai d'attente supplémentaire pour l'obtention d'une carte si demandé"
+-
+-#~ msgid ""
+-#~ "PKCS#11 URI to restrict the selection of devices for Smartcard "
+-#~ "authentication"
+-#~ msgstr ""
+-#~ "URI PKCS#11 pour limiter la sélection des périphériques pour "
+-#~ "l'authentification par carte à puce"
+-
+-#~ msgid "Whether to evaluate the time-based attributes in sudo rules"
+-#~ msgstr ""
+-#~ "Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
+-
+-#~ msgid "If true, SSSD will switch back to lower-wins ordering logic"
+-#~ msgstr "Si sur true, SSSD repasse en logique de commande à faible gain"
+-
+-#~ msgid ""
+-#~ "Maximum number of rules that can be refreshed at once. If this is "
+-#~ "exceeded, full refresh is performed."
+-#~ msgstr ""
+-#~ "Nombre maximum de règles pouvant être rafraîchies en même temps. En cas "
+-#~ "de dépassement, un rafraîchissement complet est effectué."
+-
+-#~ msgid "Whether to hash host names and addresses in the known_hosts file"
+-#~ msgstr ""
+-#~ "Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
+-
+-#~ msgid ""
+-#~ "How many seconds to keep a host in the known_hosts file after its host "
+-#~ "keys were requested"
+-#~ msgstr ""
+-#~ "Le nombre de secondes pour garder un hôte dans le fichier known_hosts "
+-#~ "après que ses clés d'hôte ont été demandées"
+-
+-#~ msgid "Path to storage of trusted CA certificates"
+-#~ msgstr "Chemin d'accès au stockage des certificats d'AC de confiance"
+-
+-#~ msgid "Allow to generate ssh-keys from certificates"
+-#~ msgstr "Permet de générer des ssh-keys à partir de certificats"
+-
+-#~ msgid ""
+-#~ "Use the following matching rules to filter the certificates for ssh-key "
+-#~ "generation"
+-#~ msgstr ""
+-#~ "Utilisez les règles de correspondance suivantes pour filtrer les "
+-#~ "certificats pour la génération de clés ssh"
+-
+-#~ msgid "List of UIDs or user names allowed to access the PAC responder"
+-#~ msgstr ""
+-#~ "Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
+-
+-#~ msgid "How long the PAC data is considered valid"
+-#~ msgstr "Durée de validité des données du PAC"
+-
+-#~ msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+-#~ msgstr ""
+-#~ "Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur "
+-#~ "InfoPipe"
+-
+-#~ msgid "List of user attributes the InfoPipe is allowed to publish"
+-#~ msgstr ""
+-#~ "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
+-
+-#~ msgid "The provider where the secrets will be stored in"
+-#~ msgstr "Le fournisseur où les secrets seront stockés"
++#: src/config/SSSDConfig/sssdoptions.py:454
++msgid "Filter for group lookups"
++msgstr ""
+
+-#~ msgid "The maximum allowed number of nested containers"
+-#~ msgstr "Le nombre maximal de conteneurs imbriqués autorisés"
++#: src/config/SSSDConfig/sssdoptions.py:455
++msgid "Scope of group lookups"
++msgstr ""
+
+-#~ msgid "The maximum number of secrets that can be stored"
+-#~ msgstr "Le nombre maximum de secrets qui peuvent être stockés"
++#: src/config/SSSDConfig/sssdoptions.py:457
++msgid "Base DN for netgroup lookups"
++msgstr "DN de base pour les recherches de netgroup"
+
+-#~ msgid "The maximum number of secrets that can be stored per UID"
+-#~ msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID"
++#: src/config/SSSDConfig/sssdoptions.py:458
++msgid "Objectclass for netgroups"
++msgstr "Classe d'objet pour les groupes réseau"
+
+-#~ msgid "The maximum payload size of a secret in kilobytes"
+-#~ msgstr "La taille maximale de la charge utile d'un secret en kilo-octets"
++#: src/config/SSSDConfig/sssdoptions.py:459
++msgid "Netgroup name"
++msgstr "Nom du groupe réseau"
+
+-#~ msgid "The URL Custodia server is listening on"
+-#~ msgstr "L'URL du serveur Custodia est en écoute sur"
++#: src/config/SSSDConfig/sssdoptions.py:460
++msgid "Netgroups members attribute"
++msgstr "Attribut des membres des groupes réseau"
+
+-#~ msgid "The method to use when authenticating to a Custodia server"
+-#~ msgstr ""
+-#~ "La méthode à utiliser lors de l'authentification via un serveur Custodia"
++#: src/config/SSSDConfig/sssdoptions.py:461
++msgid "Netgroup triple attribute"
++msgstr "Attribut triplet du groupe réseau"
+
+-#~ msgid ""
+-#~ "The name of the headers that will be added into a HTTP request with the "
+-#~ "value defined in auth_header_value"
+-#~ msgstr ""
+-#~ "Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la "
+-#~ "valeur définie dans auth_header_value"
++#: src/config/SSSDConfig/sssdoptions.py:462
++msgid "Modification time attribute for netgroups"
++msgstr "Attribut date de modification pour les groupes réseau"
+
+-#~ msgid "The value sssd-secrets would use for auth_header_name"
+-#~ msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name"
++#: src/config/SSSDConfig/sssdoptions.py:464
++msgid "Base DN for service lookups"
++msgstr "Nom de domaine (DN) de base pour les recherches de service"
+
+-#~ msgid ""
+-#~ "The list of the headers to forward to the Custodia server together with "
+-#~ "the request"
+-#~ msgstr ""
+-#~ "La liste des en-têtes à transmettre au serveur Custodia avec la requête"
++#: src/config/SSSDConfig/sssdoptions.py:465
++msgid "Objectclass for services"
++msgstr "Classe objet pour les services"
+
+-#~ msgid ""
+-#~ "The username to use when authenticating to a Custodia server using "
+-#~ "basic_auth"
+-#~ msgstr ""
+-#~ "La méthode à utiliser lors de l'authentification via un serveur Custodia "
+-#~ "utilisant basic_auth"
++#: src/config/SSSDConfig/sssdoptions.py:466
++msgid "Service name attribute"
++msgstr "Attribut de nom de service"
+
+-#~ msgid ""
+-#~ "The password to use when authenticating to a Custodia server using "
+-#~ "basic_auth"
+-#~ msgstr ""
+-#~ "La méthode à utiliser lors de l'authentification via un serveur Custodia "
+-#~ "utilisant basic_auth"
+-
+-#~ msgid ""
+-#~ "If true peer's certificate is verified if proxy_url uses https protocol"
+-#~ msgstr ""
+-#~ "Le certificat pair true est vérifié si proxy_url utilise le protocole "
+-#~ "https"
+-
+-#~ msgid ""
+-#~ "If false peer's certificate may contain different hostname than proxy_url "
+-#~ "when https protocol is used"
+-#~ msgstr ""
+-#~ "Le certificat pair false peut contenir un nom d'hôte différent de "
+-#~ "proxy_url lorsque le protocole https est utilisé"
+-
+-#~ msgid ""
+-#~ "Path to directory where certificate authority certificates are stored"
+-#~ msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA"
++#: src/config/SSSDConfig/sssdoptions.py:467
++msgid "Service port attribute"
++msgstr "Attribut de port du service"
+
+-#~ msgid "Path to file containing server's CA certificate"
+-#~ msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur"
++#: src/config/SSSDConfig/sssdoptions.py:468
++msgid "Service protocol attribute"
++msgstr "Attribut de service du protocole"
+
+-#~ msgid "Path to file containing client's certificate"
+-#~ msgstr "Chemin d'accès au fichier contenant le certificat du client"
++#: src/config/SSSDConfig/sssdoptions.py:470
++msgid "Lower bound for ID-mapping"
++msgstr "Limite inférieure pour la correspondance d'ID"
+
+-#~ msgid "Path to file containing client's private key"
+-#~ msgstr "Chemin d'accès au fichier contenant la clé privée du client"
++#: src/config/SSSDConfig/sssdoptions.py:471
++msgid "Upper bound for ID-mapping"
++msgstr "Limite supérieure pour la correspondance d'ID"
+
+-#~ msgid "Identity provider"
+-#~ msgstr "Fournisseur d'identité"
++#: src/config/SSSDConfig/sssdoptions.py:472
++msgid "Number of IDs for each slice when ID-mapping"
++msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
+
+-#~ msgid "Authentication provider"
+-#~ msgstr "Fournisseur d'authentification"
++#: src/config/SSSDConfig/sssdoptions.py:473
++msgid "Use autorid-compatible algorithm for ID-mapping"
++msgstr ""
++"Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
+
+-#~ msgid "Access control provider"
+-#~ msgstr "Fournisseur de contrôle d'accès"
++#: src/config/SSSDConfig/sssdoptions.py:474
++msgid "Name of the default domain for ID-mapping"
++msgstr "Nom du domaine par défaut pour la correspondance d'ID"
+
+-#~ msgid "Password change provider"
+-#~ msgstr "Fournisseur de changement de mot de passe"
++#: src/config/SSSDConfig/sssdoptions.py:475
++msgid "SID of the default domain for ID-mapping"
++msgstr "SID du domaine par défaut pour la correspondance d'ID"
+
+-#~ msgid "SUDO provider"
+-#~ msgstr "Fournisseur SUDO"
++#: src/config/SSSDConfig/sssdoptions.py:476
++msgid "Number of secondary slices"
++msgstr "Nombre de tranches secondaires"
+
+-#~ msgid "Autofs provider"
+-#~ msgstr "Fournisseur autofs"
++#: src/config/SSSDConfig/sssdoptions.py:478
++msgid "Whether to use Token-Groups"
++msgstr "Choisir d'utiliser ou non les groupes de jetons"
+
+-#~ msgid "Host identity provider"
+-#~ msgstr "Fournisseur d'identité de l'hôte"
++#: src/config/SSSDConfig/sssdoptions.py:479
++msgid "Set lower boundary for allowed IDs from the LDAP server"
++msgstr ""
++"Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
+
+-#~ msgid "SELinux provider"
+-#~ msgstr "Fournisseur SELinux"
++#: src/config/SSSDConfig/sssdoptions.py:480
++msgid "Set upper boundary for allowed IDs from the LDAP server"
++msgstr ""
++"Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
+
+-#~ msgid "Session management provider"
+-#~ msgstr "Fournisseur de gestion de session"
++#: src/config/SSSDConfig/sssdoptions.py:481
++msgid "DN for ppolicy queries"
++msgstr "DN pour les requêtes sur ppolicy"
+
+-#~ msgid "Whether the domain is usable by the OS or by applications"
+-#~ msgstr "Si le domaine est utilisable par l'OS ou par des applications"
++#: src/config/SSSDConfig/sssdoptions.py:482
++msgid "How many maximum entries to fetch during a wildcard request"
++msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard"
+
+-#~ msgid "Minimum user ID"
+-#~ msgstr "Identifiant utilisateur minimum"
++#: src/config/SSSDConfig/sssdoptions.py:485
++msgid "Policy to evaluate the password expiration"
++msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
+
+-#~ msgid "Maximum user ID"
+-#~ msgstr "Identifiant utilisateur maximum"
++#: src/config/SSSDConfig/sssdoptions.py:489
++msgid "Which attributes shall be used to evaluate if an account is expired"
++msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
+
+-#~ msgid "Enable enumerating all users/groups"
+-#~ msgstr "Activer l'énumération de tous les utilisateurs/groupes"
++#: src/config/SSSDConfig/sssdoptions.py:490
++msgid "Which rules should be used to evaluate access control"
++msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
+
+-#~ msgid "Cache credentials for offline login"
+-#~ msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
++#: src/config/SSSDConfig/sssdoptions.py:493
++msgid "URI of an LDAP server where password changes are allowed"
++msgstr ""
++"URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
+
+-#~ msgid "Display users/groups in fully-qualified form"
+-#~ msgstr ""
+-#~ "Afficher les utilisateurs/groupes dans un format complétement qualifié"
++#: src/config/SSSDConfig/sssdoptions.py:494
++msgid "URI of a backup LDAP server where password changes are allowed"
++msgstr ""
++"URI d'un serveur LDAP de secours où sont autorisées les modifications de mot "
++"de passe"
+
+-#~ msgid "Don't include group members in group lookups"
+-#~ msgstr ""
+-#~ "Ne pas inclure les membres des groupes dans les recherches de groupes."
++#: src/config/SSSDConfig/sssdoptions.py:495
++msgid "DNS service name for LDAP password change server"
++msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
+
+-#~ msgid "Entry cache timeout length (seconds)"
+-#~ msgstr "Durée de validité des entrées en cache (en secondes)"
++#: src/config/SSSDConfig/sssdoptions.py:496
++msgid ""
++"Whether to update the ldap_user_shadow_last_change attribute after a "
++"password change"
++msgstr ""
++"Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
++"changement de mot de passe"
+
+-#~ msgid ""
+-#~ "Restrict or prefer a specific address family when performing DNS lookups"
+-#~ msgstr ""
+-#~ "Restreindre ou préférer une famille d'adresses lors des recherches DNS"
++#: src/config/SSSDConfig/sssdoptions.py:500
++msgid "Base DN for sudo rules lookups"
++msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
+
+-#~ msgid "How long to keep cached entries after last successful login (days)"
+-#~ msgstr ""
+-#~ "Durée de validité des entrées en cache après la dernière connexion "
+-#~ "réussie (en jours)"
++#: src/config/SSSDConfig/sssdoptions.py:501
++msgid "Automatic full refresh period"
++msgstr "Périodicité de rafraichissement total"
+
+-#~ msgid ""
+-#~ "How long should SSSD talk to single DNS server before trying next server "
+-#~ "(miliseconds)"
+-#~ msgstr ""
+-#~ "Combien de temps le SSSD doit-il parler à un seul serveur DNS avant "
+-#~ "d'essayer le serveur suivant (en millisecondes)"
++#: src/config/SSSDConfig/sssdoptions.py:502
++msgid "Automatic smart refresh period"
++msgstr "Périodicité de rafraichissement intelligent"
+
+-#~ msgid "How long should keep trying to resolve single DNS query (seconds)"
+-#~ msgstr ""
+-#~ "Combien de temps faut-il continuer à essayer de résoudre une seule "
+-#~ "requête DNS (en secondes)"
++#: src/config/SSSDConfig/sssdoptions.py:503
++msgid "Whether to filter rules by hostname, IP addresses and network"
++msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
+
+-#~ msgid ""
+-#~ "How long to wait for replies from DNS when resolving servers (seconds)"
+-#~ msgstr ""
+-#~ "Délai d'attente des réponses du DNS lors de la résolution des serveurs "
+-#~ "(en secondes)"
++#: src/config/SSSDConfig/sssdoptions.py:504
++msgid ""
++"Hostnames and/or fully qualified domain names of this machine to filter sudo "
++"rules"
++msgstr ""
++"Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
++"filtrer les règles sudo"
+
+-#~ msgid "The domain part of service discovery DNS query"
+-#~ msgstr "La partie domaine de la requête de découverte de service DNS"
++#: src/config/SSSDConfig/sssdoptions.py:505
++msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
++msgstr ""
++"Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
++"sudo"
+
+-#~ msgid "Override GID value from the identity provider with this value"
+-#~ msgstr ""
+-#~ "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
++#: src/config/SSSDConfig/sssdoptions.py:506
++msgid "Whether to include rules that contains netgroup in host attribute"
++msgstr ""
++"Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
+
+-#~ msgid "Treat usernames as case sensitive"
+-#~ msgstr "Considère les noms d'utilisateur comme casse dépendant"
++#: src/config/SSSDConfig/sssdoptions.py:507
++msgid ""
++"Whether to include rules that contains regular expression in host attribute"
++msgstr ""
++"Inclure ou non les règles qui contiennent une expression rationnelle dans "
++"l'attribut host"
+
+-#~ msgid "How often should expired entries be refreshed in background"
+-#~ msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
++#: src/config/SSSDConfig/sssdoptions.py:508
++msgid "Object class for sudo rules"
++msgstr "Classe objet pour les règles sudo"
+
+-#~ msgid "Whether to automatically update the client's DNS entry"
+-#~ msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
++#: src/config/SSSDConfig/sssdoptions.py:509
++msgid "Name of attribute that is used as object class for sudo rules"
++msgstr ""
++"Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo"
+
+-#~ msgid "The TTL to apply to the client's DNS entry after updating it"
+-#~ msgstr "Le TTL à appliquer à l'entrée DNS du client après modification"
++#: src/config/SSSDConfig/sssdoptions.py:510
++msgid "Sudo rule name"
++msgstr "Règle de nom sudo"
+
+-#~ msgid "The interface whose IP should be used for dynamic DNS updates"
+-#~ msgstr ""
+-#~ "L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
+-#~ "dynamiques du DNS"
++#: src/config/SSSDConfig/sssdoptions.py:511
++msgid "Sudo rule command attribute"
++msgstr "Attribut de commande de règle sudo"
+
+-#~ msgid "How often to periodically update the client's DNS entry"
+-#~ msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client"
++#: src/config/SSSDConfig/sssdoptions.py:512
++msgid "Sudo rule host attribute"
++msgstr "Attribut hôte de la règle sudo"
+
+-#~ msgid "Whether the provider should explicitly update the PTR record as well"
+-#~ msgstr ""
+-#~ "Selon que le fournisseur doit aussi ou non mettre à jour explicitement "
+-#~ "l'enregistrement PTR"
++#: src/config/SSSDConfig/sssdoptions.py:513
++msgid "Sudo rule user attribute"
++msgstr "Attribut utilisateur de la règle sudo"
+
+-#~ msgid "Whether the nsupdate utility should default to using TCP"
+-#~ msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut"
++#: src/config/SSSDConfig/sssdoptions.py:514
++msgid "Sudo rule option attribute"
++msgstr "Attribut option de la règle sudo"
+
+-#~ msgid "What kind of authentication should be used to perform the DNS update"
+-#~ msgstr ""
+-#~ "Quel type d'authentification doit être utilisée pour effectuer la mise à "
+-#~ "jour DNS"
++#: src/config/SSSDConfig/sssdoptions.py:515
++msgid "Sudo rule runas attribute"
++msgstr "Attribut de règle sudo runas"
+
+-#~ msgid "Override the DNS server used to perform the DNS update"
+-#~ msgstr ""
+-#~ "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS"
++#: src/config/SSSDConfig/sssdoptions.py:516
++msgid "Sudo rule runasuser attribute"
++msgstr "Attribut runasuser de la règle sudo"
+
+-#~ msgid "Control enumeration of trusted domains"
+-#~ msgstr "Contrôle l'énumération des domaines approuvés"
++#: src/config/SSSDConfig/sssdoptions.py:517
++msgid "Sudo rule runasgroup attribute"
++msgstr "Attribut runasgroup de la règle sudo"
+
+-#~ msgid "How often should subdomains list be refreshed"
+-#~ msgstr "Fréquence de rafraîchissement des sous-domaines"
++#: src/config/SSSDConfig/sssdoptions.py:518
++msgid "Sudo rule notbefore attribute"
++msgstr "Attribut notbefore de la règle sudo"
+
+-#~ msgid "List of options that should be inherited into a subdomain"
+-#~ msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
++#: src/config/SSSDConfig/sssdoptions.py:519
++msgid "Sudo rule notafter attribute"
++msgstr "Attribut notafter de règle sudo"
+
+-#~ msgid "Default subdomain homedir value"
+-#~ msgstr "Valeur par défaut du sous-domaine homedir"
++#: src/config/SSSDConfig/sssdoptions.py:520
++msgid "Sudo rule order attribute"
++msgstr "Attribut d'ordre de règle sudo"
+
+-#~ msgid "How long can cached credentials be used for cached authentication"
+-#~ msgstr ""
+-#~ "Combien de temps les informations d'identification en cache peuvent-elles "
+-#~ "être utilisées pour l'authentification en cache"
++#: src/config/SSSDConfig/sssdoptions.py:523
++msgid "Object class for automounter maps"
++msgstr "Classe objet pour la carte de montage automatique"
+
+-#~ msgid "Whether to automatically create private groups for users"
+-#~ msgstr ""
+-#~ "S'il faut créer automatiquement des groupes privés pour les utilisateurs"
++#: src/config/SSSDConfig/sssdoptions.py:524
++msgid "Automounter map name attribute"
++msgstr "Nom de l'attribut de carte de montage automatique"
+
+-#~ msgid "IPA domain"
+-#~ msgstr "Domaine IPA"
++#: src/config/SSSDConfig/sssdoptions.py:525
++msgid "Object class for automounter map entries"
++msgstr "Classe objet pour l'entrée de référence de montage automatique"
+
+-#~ msgid "IPA server address"
+-#~ msgstr "Adresse du serveur IPA"
++#: src/config/SSSDConfig/sssdoptions.py:526
++msgid "Automounter map entry key attribute"
++msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
+
+-#~ msgid "Address of backup IPA server"
+-#~ msgstr "Adresse du serveur IPA de secours"
++#: src/config/SSSDConfig/sssdoptions.py:527
++msgid "Automounter map entry value attribute"
++msgstr "Attribut de valeur pour la carte de montage automatique"
+
+-#~ msgid "IPA client hostname"
+-#~ msgstr "Nom de système du client IPA"
++#: src/config/SSSDConfig/sssdoptions.py:528
++msgid "Base DN for automounter map lookups"
++msgstr "Base DN pour les requêtes de carte de montage automatique"
+
+-#~ msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+-#~ msgstr ""
+-#~ "Choisir de mettre à jour automatiquement l'entrée DNS du client dans "
+-#~ "FreeIPA"
++#: src/config/SSSDConfig/sssdoptions.py:529
++msgid "The name of the automount master map in LDAP."
++msgstr ""
+
+-#~ msgid "Search base for HBAC related objects"
+-#~ msgstr "Base de recherche pour les objets HBAC"
++#: src/config/SSSDConfig/sssdoptions.py:532
++msgid "Base DN for IP hosts lookups"
++msgstr ""
+
+-#~ msgid ""
+-#~ "The amount of time between lookups of the HBAC rules against the IPA "
+-#~ "server"
+-#~ msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
++#: src/config/SSSDConfig/sssdoptions.py:533
++msgid "Object class for IP hosts"
++msgstr ""
+
+-#~ msgid ""
+-#~ "The amount of time in seconds between lookups of the SELinux maps against "
+-#~ "the IPA server"
+-#~ msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
++#: src/config/SSSDConfig/sssdoptions.py:534
++msgid "IP host name attribute"
++msgstr ""
+
+-#~ msgid "If set to false, host argument given by PAM will be ignored"
+-#~ msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
++#: src/config/SSSDConfig/sssdoptions.py:535
++msgid "IP host number (address) attribute"
++msgstr ""
+
+-#~ msgid "The automounter location this IPA client is using"
+-#~ msgstr ""
+-#~ "L'emplacement de la carte de montage automatique utilisée par le client "
+-#~ "IPA"
++#: src/config/SSSDConfig/sssdoptions.py:536
++msgid "IP host entryUSN attribute"
++msgstr ""
+
+-#~ msgid "Search base for object containing info about IPA domain"
+-#~ msgstr ""
+-#~ "Base de recherche pour l'objet contenant les informations de base à "
+-#~ "propos du domaine IPA"
++#: src/config/SSSDConfig/sssdoptions.py:537
++msgid "Base DN for IP networks lookups"
++msgstr ""
+
+-#~ msgid "Search base for objects containing info about ID ranges"
+-#~ msgstr ""
+-#~ "Base de recherche pour les objets contenant les informations à propos des "
+-#~ "plages d'ID"
++#: src/config/SSSDConfig/sssdoptions.py:538
++msgid "Object class for IP networks"
++msgstr ""
+
+-#~ msgid "Enable DNS sites - location based service discovery"
+-#~ msgstr ""
+-#~ "Activer les sites DNS - découverte de service basée sur l'emplacement"
+-
+-#~ msgid "Search base for view containers"
+-#~ msgstr "Base de recherche des conteneurs de vues"
+-
+-#~ msgid "Objectclass for view containers"
+-#~ msgstr "Classe d'objet pour les conteneurs de vues"
+-
+-#~ msgid "Attribute with the name of the view"
+-#~ msgstr "Attribut avec le nom de la vue"
+-
+-#~ msgid "Objectclass for override objects"
+-#~ msgstr "Classe d'objet surchargeant les objets"
+-
+-#~ msgid "Attribute with the reference to the original object"
+-#~ msgstr "Attribut faisant référence à l'objet originel "
+-
+-#~ msgid "Objectclass for user override objects"
+-#~ msgstr "Classe d'objet surchargeant les utilisateurs"
+-
+-#~ msgid "Objectclass for group override objects"
+-#~ msgstr "Classe d'objet surchargeant les groupes"
+-
+-#~ msgid "Search base for Desktop Profile related objects"
+-#~ msgstr "Base de recherche pour les objets liés au Profil du Bureau"
+-
+-#~ msgid ""
+-#~ "The amount of time in seconds between lookups of the Desktop Profile "
+-#~ "rules against the IPA server"
+-#~ msgstr ""
+-#~ "Le temps, en secondes, entre les consultations des règles du profil du "
+-#~ "bureau sur le serveur IPA"
+-
+-#~ msgid ""
+-#~ "The amount of time in minutes between lookups of Desktop Profiles rules "
+-#~ "against the IPA server when the last request did not find any rule"
+-#~ msgstr ""
+-#~ "Le temps en minutes entre les consultations des règles de profile de "
+-#~ "bureau sur le serveur IPA lorsque la dernière requête n'a trouvé aucune "
+-#~ "règle"
+-
+-#~ msgid "Active Directory domain"
+-#~ msgstr "Domaine Active Directory"
+-
+-#~ msgid "Enabled Active Directory domains"
+-#~ msgstr "Domaine d’Active Directory activés"
+-
+-#~ msgid "Active Directory server address"
+-#~ msgstr "Adresse du serveur Active Directory"
+-
+-#~ msgid "Active Directory backup server address"
+-#~ msgstr "Adresse du serveur Active Directory de secours"
+-
+-#~ msgid "Active Directory client hostname"
+-#~ msgstr "Nom de système du client Active Directory"
+-
+-#~ msgid "LDAP filter to determine access privileges"
+-#~ msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
+-
+-#~ msgid "Whether to use the Global Catalog for lookups"
+-#~ msgstr "Choisir d'utiliser ou non le catalogue global pour les recherches"
+-
+-#~ msgid "Operation mode for GPO-based access control"
+-#~ msgstr "Mode opératoire pour les contrôles d'accès basé sur les GPO"
+-
+-#~ msgid ""
+-#~ "The amount of time between lookups of the GPO policy files against the AD "
+-#~ "server"
+-#~ msgstr ""
+-#~ "Durée entre les recherches de fichiers de politiques de GPO dans le "
+-#~ "serveur AD"
+-
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "Noms de services PAM correspondant à la configuration de la politique "
+-#~ "(Deny)InteractiveLogonRight de la GPO"
++#: src/config/SSSDConfig/sssdoptions.py:539
++msgid "IP network name attribute"
++msgstr ""
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
+-#~ "policy settings"
+-#~ msgstr ""
+-#~ "Noms de services PAM correspondant à la configuration de la politique "
+-#~ "(Deny)RemoteInteractiveLogonRight de la GPO"
++#: src/config/SSSDConfig/sssdoptions.py:540
++msgid "IP network number (address) attribute"
++msgstr ""
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "Noms de services PAM correspondant à la configuration de la politique "
+-#~ "(Deny)NetworkLogonRight de la GPO"
++#: src/config/SSSDConfig/sssdoptions.py:541
++msgid "IP network entryUSN attribute"
++msgstr ""
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)BatchLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "Noms de services PAM correspondant à la configuration de la politique "
+-#~ "(Deny)BatchLogonRight de la GPO"
++#: src/config/SSSDConfig/sssdoptions.py:544
++msgid "Comma separated list of allowed users"
++msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "Noms de services PAM correspondant à la configuration de la politique "
+-#~ "(Deny)ServiceLogonRight de la GPO"
++#: src/config/SSSDConfig/sssdoptions.py:545
++msgid "Comma separated list of prohibited users"
++msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
+
+-#~ msgid "PAM service names for which GPO-based access is always granted"
+-#~ msgstr ""
+-#~ "Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
+-#~ "toujours autorisés"
++#: src/config/SSSDConfig/sssdoptions.py:546
++msgid ""
++"Comma separated list of groups that are allowed to log in. This applies only "
++"to groups within this SSSD domain. Local groups are not evaluated."
++msgstr ""
+
+-#~ msgid "PAM service names for which GPO-based access is always denied"
+-#~ msgstr ""
+-#~ "Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
+-#~ "toujours interdits"
++#: src/config/SSSDConfig/sssdoptions.py:548
++msgid ""
++"Comma separated list of groups that are explicitly denied access. This "
++"applies only to groups within this SSSD domain. Local groups are not "
++"evaluated."
++msgstr ""
+
+-#~ msgid ""
+-#~ "Default logon right (or permit/deny) to use for unmapped PAM service names"
+-#~ msgstr ""
+-#~ "Droit de connexion par défaut (ou permission/interdiction) à utiliser "
+-#~ "pour les noms de services sans correspondance"
++#: src/config/SSSDConfig/sssdoptions.py:552
++msgid "Base for home directories"
++msgstr "Base pour les répertoires utilisateur"
+
+-#~ msgid "a particular site to be used by the client"
+-#~ msgstr "un site particulier utilisé par le client"
++#: src/config/SSSDConfig/sssdoptions.py:553
++msgid "Indicate if a home directory should be created for new users."
++msgstr ""
+
+-#~ msgid ""
+-#~ "Maximum age in days before the machine account password should be renewed"
+-#~ msgstr ""
+-#~ "Âge maximum en jours avant que le mot de passe du compte de la machine ne "
+-#~ "soit renouvelé"
++#: src/config/SSSDConfig/sssdoptions.py:554
++msgid "Indicate if a home directory should be removed for deleted users."
++msgstr ""
+
+-#~ msgid "Option for tuning the machine account renewal task"
+-#~ msgstr "Option de réglage de la tâche de renouvellement du compte machine"
++#: src/config/SSSDConfig/sssdoptions.py:555
++msgid "Specify the default permissions on a newly created home directory."
++msgstr ""
+
+-#~ msgid "Kerberos server address"
+-#~ msgstr "Adresse du serveur Kerberos"
++#: src/config/SSSDConfig/sssdoptions.py:556
++msgid "The skeleton directory."
++msgstr ""
+
+-#~ msgid "Kerberos backup server address"
+-#~ msgstr "Adresse du serveur Kerberos de secours"
++#: src/config/SSSDConfig/sssdoptions.py:557
++msgid "The mail spool directory."
++msgstr ""
+
+-#~ msgid "Kerberos realm"
+-#~ msgstr "Domaine Kerberos"
++#: src/config/SSSDConfig/sssdoptions.py:558
++msgid "The command that is run after a user is removed."
++msgstr ""
+
+-#~ msgid "Authentication timeout"
+-#~ msgstr "Délai avant expiration de l'authentification"
++#: src/config/SSSDConfig/sssdoptions.py:561
++msgid "The number of preforked proxy children."
++msgstr "Le nombre d'enfants proxy pré-fourche."
+
+-#~ msgid "Whether to create kdcinfo files"
+-#~ msgstr "Choisir de créer ou non les fichiers kdcinfo"
++#: src/config/SSSDConfig/sssdoptions.py:564
++msgid "The name of the NSS library to use"
++msgstr "Nom de la bibliothèque NSS à utiliser"
+
+-#~ msgid "Where to drop krb5 config snippets"
+-#~ msgstr "Où déposer les extraits de configuration krb5"
++#: src/config/SSSDConfig/sssdoptions.py:565
++msgid "The name of the NSS library to use for hosts and networks lookups"
++msgstr ""
+
+-#~ msgid "Directory to store credential caches"
+-#~ msgstr "Répertoire pour stocker les caches de crédits"
++#: src/config/SSSDConfig/sssdoptions.py:566
++msgid "Whether to look up canonical group name from cache if possible"
++msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
+
+-#~ msgid "Location of the user's credential cache"
+-#~ msgstr "Emplacement du cache de crédits de l'utilisateur"
++#: src/config/SSSDConfig/sssdoptions.py:569
++msgid "PAM stack to use"
++msgstr "Pile PAM à utiliser"
+
+-#~ msgid "Location of the keytab to validate credentials"
+-#~ msgstr "Emplacement du fichier keytab de validation des crédits"
++#: src/config/SSSDConfig/sssdoptions.py:572
++msgid "Path of passwd file sources."
++msgstr "Chemin des sources des fichiers passwd."
+
+-#~ msgid "Enable credential validation"
+-#~ msgstr "Activer la validation des crédits"
++#: src/config/SSSDConfig/sssdoptions.py:573
++msgid "Path of group file sources."
++msgstr "Chemin des sources des fichiers de groupe."
+
+-#~ msgid "Store password if offline for later online authentication"
+-#~ msgstr ""
+-#~ "Stocker le mot de passe, si hors-ligne, pour une authentification "
+-#~ "ultérieure en ligne"
++#: src/monitor/monitor.c:2371
++msgid "Become a daemon (default)"
++msgstr "Devenir un démon (par défaut)"
+
+-#~ msgid "Renewable lifetime of the TGT"
+-#~ msgstr "Durée de vie renouvelable du TGT"
++#: src/monitor/monitor.c:2373
++msgid "Run interactive (not a daemon)"
++msgstr "Fonctionner en interactif (non démon)"
+
+-#~ msgid "Lifetime of the TGT"
+-#~ msgstr "Durée de vie du TGT"
++#: src/monitor/monitor.c:2376
++msgid "Disable netlink interface"
++msgstr "Désactiver l'interface netlink"
+
+-#~ msgid "Time between two checks for renewal"
+-#~ msgstr "Durée entre deux vérifications pour le renouvellement"
++#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
++#: src/tools/sssctl/sssctl_logs.c:310
++msgid "Specify a non-default config file"
++msgstr "Définir un fichier de configuration différent de celui par défaut"
+
+-#~ msgid "Enables FAST"
+-#~ msgstr "Active FAST"
++#: src/monitor/monitor.c:2380
++msgid "Refresh the configuration database, then exit"
++msgstr "Rafraîchissez la base de données de configuration, puis quittez"
+
+-#~ msgid "Selects the principal to use for FAST"
+-#~ msgstr "Sélectionne le principal à utiliser avec FAST"
++#: src/monitor/monitor.c:2383
++msgid "Similar to --genconf, but only refreshes the given section"
++msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée"
+
+-#~ msgid "Enables principal canonicalization"
+-#~ msgstr "Active la canonisation du principal"
++#: src/monitor/monitor.c:2386
++msgid "Print version number and exit"
++msgstr "Afficher le numéro de version et quitte"
+
+-#~ msgid "Enables enterprise principals"
+-#~ msgstr "Active les principals d'entreprise"
++#: src/monitor/monitor.c:2532
++msgid "SSSD is already running\n"
++msgstr "SSSD est déjà en cours d'exécution\n"
+
+-#~ msgid "A mapping from user names to Kerberos principal names"
+-#~ msgstr ""
+-#~ "Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos"
++#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
++msgid "Debug level"
++msgstr "Niveau de débogage"
+
+-#~ msgid ""
+-#~ "Server where the change password service is running if not on the KDC"
+-#~ msgstr ""
+-#~ "Serveur où tourne le service de changement de mot de passe s'il n'est pas "
+-#~ "sur le KDC"
++#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
++msgid "Add debug timestamps"
++msgstr "Ajouter l'horodatage au débogage"
+
+-#~ msgid "ldap_uri, The URI of the LDAP server"
+-#~ msgstr "ldap_uri, l'adresse du serveur LDAP"
++#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
++msgid "Show timestamps with microseconds"
++msgstr "Afficher l'horodatage en microsecondes"
+
+-#~ msgid "ldap_backup_uri, The URI of the LDAP server"
+-#~ msgstr "ldap_backup_uri, l'URI du serveur LDAP"
++#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
++msgid "An open file descriptor for the debug logs"
++msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
+
+-#~ msgid "The default base DN"
+-#~ msgstr "La base DN par défaut"
++#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
++msgid "Send the debug output to stderr directly."
++msgstr "Envoyer la sortie de débogage directement vers l'erreur standard."
+
+-#~ msgid "The Schema Type in use on the LDAP server, rfc2307"
+-#~ msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
++#: src/providers/krb5/krb5_child.c:3245
++msgid "The user to create FAST ccache as"
++msgstr "L'utilisateur à utiliser pour la création du ccache FAST"
+
+-#~ msgid "Mode used to change user password"
+-#~ msgstr "Mode utilisé pour modifier le mot de passe utilisateur"
++#: src/providers/krb5/krb5_child.c:3247
++msgid "The group to create FAST ccache as"
++msgstr "Le groupe à utiliser pour la création du ccache FAST"
+
+-#~ msgid "The default bind DN"
+-#~ msgstr "Le DN de connexion par défaut"
++#: src/providers/krb5/krb5_child.c:3249
++msgid "Kerberos realm to use"
++msgstr "Domaine Kerberos à utiliser"
+
+-#~ msgid "The type of the authentication token of the default bind DN"
+-#~ msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
++#: src/providers/krb5/krb5_child.c:3251
++msgid "Requested lifetime of the ticket"
++msgstr "Demande de renouvellement à vie du billet"
+
+-#~ msgid "The authentication token of the default bind DN"
+-#~ msgstr "Le jeton d'authentification du DN de connexion par défaut"
++#: src/providers/krb5/krb5_child.c:3253
++msgid "Requested renewable lifetime of the ticket"
++msgstr "Demande de renouvellement à vie du billet"
+
+-#~ msgid "Length of time to attempt connection"
+-#~ msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
++#: src/providers/krb5/krb5_child.c:3255
++msgid "FAST options ('never', 'try', 'demand')"
++msgstr "Options FAST ('never', 'try', 'demand')"
+
+-#~ msgid "Length of time to attempt synchronous LDAP operations"
+-#~ msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
++#: src/providers/krb5/krb5_child.c:3258
++msgid "Specifies the server principal to use for FAST"
++msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
+
+-#~ msgid "Length of time between attempts to reconnect while offline"
+-#~ msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
++#: src/providers/krb5/krb5_child.c:3260
++msgid "Requests canonicalization of the principal name"
++msgstr "Demande la canonisation du nom principal"
+
+-#~ msgid "Use only the upper case for realm names"
+-#~ msgstr "N'utiliser que des majuscules pour les noms de domaine"
++#: src/providers/krb5/krb5_child.c:3262
++msgid "Use custom version of krb5_get_init_creds_password"
++msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
+
+-#~ msgid "File that contains CA certificates"
+-#~ msgstr "Fichier contenant les certificats des CA"
++#: src/providers/data_provider_be.c:674
++msgid "Domain of the information provider (mandatory)"
++msgstr "Domaine du fournisseur d'informations (obligatoire)"
++
++#: src/sss_client/common.c:1079
++msgid "Privileged socket has wrong ownership or permissions."
++msgstr ""
++"Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire."
++
++#: src/sss_client/common.c:1082
++msgid "Public socket has wrong ownership or permissions."
++msgstr ""
++"Le socket public a de mauvaises permissions ou un mauvais propriétaire."
++
++#: src/sss_client/common.c:1085
++msgid "Unexpected format of the server credential message."
++msgstr "Le message du serveur de crédits a un format inattendu."
++
++#: src/sss_client/common.c:1088
++msgid "SSSD is not run by root."
++msgstr "SSSD n'est pas démarré par root."
++
++#: src/sss_client/common.c:1091
++msgid "SSSD socket does not exist."
++msgstr "La socket SSSD n'existe pas."
++
++#: src/sss_client/common.c:1094
++msgid "Cannot get stat of SSSD socket."
++msgstr "Impossible d'obtenir le stat du socket SSSD."
++
++#: src/sss_client/common.c:1099
++msgid "An error occurred, but no description can be found."
++msgstr "Une erreur est survenue mais aucune description n'est trouvée."
++
++#: src/sss_client/common.c:1105
++msgid "Unexpected error while looking for an error description"
++msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
++
++#: src/sss_client/pam_sss.c:68
++msgid "Permission denied. "
++msgstr "Accès refusé."
++
++#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
++#: src/sss_client/pam_sss.c:792
++msgid "Server message: "
++msgstr "Message du serveur : "
++
++#: src/sss_client/pam_sss.c:299
++msgid "Passwords do not match"
++msgstr "Les mots de passe ne correspondent pas"
++
++#: src/sss_client/pam_sss.c:487
++msgid "Password reset by root is not supported."
++msgstr ""
++"La réinitialisation du mot de passe par root n'est pas prise en charge."
++
++#: src/sss_client/pam_sss.c:528
++msgid "Authenticated with cached credentials"
++msgstr "Authentifié avec les crédits mis en cache"
++
++#: src/sss_client/pam_sss.c:529
++msgid ", your cached password will expire at: "
++msgstr ", votre mot de passe en cache expirera à :"
++
++#: src/sss_client/pam_sss.c:559
++#, c-format
++msgid "Your password has expired. You have %1$d grace login(s) remaining."
++msgstr ""
++"Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)."
++
++#: src/sss_client/pam_sss.c:605
++#, c-format
++msgid "Your password will expire in %1$d %2$s."
++msgstr "Votre mot de passe expirera dans %1$d %2$s."
++
++#: src/sss_client/pam_sss.c:654
++msgid "Authentication is denied until: "
++msgstr "L'authentification est refusée jusque :"
++
++#: src/sss_client/pam_sss.c:675
++msgid "System is offline, password change not possible"
++msgstr ""
++"Le système est hors-ligne, les modifications du mot de passe sont "
++"impossibles"
++
++#: src/sss_client/pam_sss.c:690
++msgid ""
++"After changing the OTP password, you need to log out and back in order to "
++"acquire a ticket"
++msgstr ""
++"Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous "
++"reconnecter afin d'acquérir un ticket"
++
++#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
++msgid "Password change failed. "
++msgstr "Échec du changement de mot de passe."
++
++#: src/sss_client/pam_sss.c:2015
++msgid "New Password: "
++msgstr "Nouveau mot de passe : "
++
++#: src/sss_client/pam_sss.c:2016
++msgid "Reenter new Password: "
++msgstr "Retaper le nouveau mot de passe : "
++
++#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
++msgid "First Factor: "
++msgstr "Premier facteur :"
++
++#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
++msgid "Second Factor (optional): "
++msgstr "Deuxième facteur (facultatif) : "
++
++#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
++msgid "Second Factor: "
++msgstr "Second facteur :"
++
++#: src/sss_client/pam_sss.c:2200
++msgid "Password: "
++msgstr "Mot de passe : "
++
++#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
++msgid "First Factor (Current Password): "
++msgstr "Premier facteur (mot de passe actuel) : "
++
++#: src/sss_client/pam_sss.c:2359
++msgid "Current Password: "
++msgstr "Mot de passe actuel : "
++
++#: src/sss_client/pam_sss.c:2714
++msgid "Password expired. Change your password now."
++msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
++#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
++#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
++#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
++#: src/tools/sss_cache.c:719
++msgid "The debug level to run with"
++msgstr "Le niveau de débogage utilisé avec"
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
++msgid "The SSSD domain to use"
++msgstr "Le domaine SSSD à utiliser"
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
++#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
++#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
++#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
++#: src/tools/sss_cache.c:765
++msgid "Error setting the locale\n"
++msgstr "Erreur lors du paramétrage de la locale\n"
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
++msgid "Not enough memory\n"
++msgstr "Mémoire insuffisante\n"
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
++msgid "User not specified\n"
++msgstr "Utilisateur non spécifié\n"
++
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
++msgid "Error looking up public keys\n"
++msgstr "Erreur lors de la recherche des clés publiques\n"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
++msgid "The port to use to connect to the host"
++msgstr "Le port à utiliser pour se connecter à l'hôte"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
++msgid "Print the host ssh public keys"
++msgstr "Imprimer les clés publiques ssh de l'hôte"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
++msgid "Invalid port\n"
++msgstr "Port invalide\n"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
++msgid "Host not specified\n"
++msgstr "Hôte non spécifié\n"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
++msgid "The path to the proxy command must be absolute\n"
++msgstr "Le chemin vers la commande de proxy doit être absolue\n"
++
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
++#, c-format
++msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
++msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n"
++
++#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
++msgid "The UID of the user"
++msgstr "L'UID de l'utilisateur"
++
++#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
++msgid "The comment string"
++msgstr "Phrase de commentaire"
++
++#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
++msgid "Home directory"
++msgstr "Répertoire utilisateur"
++
++#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
++msgid "Login shell"
++msgstr "Interpréteur de commandes de connexion"
++
++#: src/tools/sss_useradd.c:53
++msgid "Groups"
++msgstr "Groupes"
++
++#: src/tools/sss_useradd.c:54
++msgid "Create user's directory if it does not exist"
++msgstr "Créer le repertoire utilisateur s'il n'existe pas"
++
++#: src/tools/sss_useradd.c:55
++msgid "Never create user's directory, overrides config"
++msgstr ""
++"Ne jamais créer de répertoire utilisateur, outrepasse la configuration"
++
++#: src/tools/sss_useradd.c:56
++msgid "Specify an alternative skeleton directory"
++msgstr "Spécifie un répertoire squelette alternatif"
++
++#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
++msgid "The SELinux user for user's login"
++msgstr "L'utilisateur SELinux pour l'identifiant de l'utilisateur"
++
++#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
++#: src/tools/sss_usermod.c:92
++msgid "Specify group to add to\n"
++msgstr "Définir le groupe à ajouter à\n"
++
++#: src/tools/sss_useradd.c:111
++msgid "Specify user to add\n"
++msgstr "Définir l'utilisateur à ajouter à\n"
++
++#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
++#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
++#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
++#: src/tools/sss_usermod.c:162
++msgid "Error initializing the tools - no local domain\n"
++msgstr "Erreur à l'initialisation des outils - aucun domaine local\n"
++
++#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
++#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
++#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
++#: src/tools/sss_usermod.c:164
++msgid "Error initializing the tools\n"
++msgstr "Erreur à l'initialisation des outils\n"
++
++#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
++#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
++#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
++#: src/tools/sss_usermod.c:173
++msgid "Invalid domain specified in FQDN\n"
++msgstr "Domaine invalide définit dans le FQDN\n"
++
++#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
++#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
++#: src/tools/sss_usermod.c:226
++msgid "Internal error while parsing parameters\n"
++msgstr "Erreur interne lors de l'analyse des paramètres\n"
++
++#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
++#: src/tools/sss_usermod.c:235
++msgid "Groups must be in the same domain as user\n"
++msgstr "Les groupes doivent être dans le même domaine que l'utilisateur\n"
++
++#: src/tools/sss_useradd.c:159
++#, c-format
++msgid "Cannot find group %1$s in local domain\n"
++msgstr "Impossible de trouver le groupe %1$s dans le domaine local\n"
++
++#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
++msgid "Cannot set default values\n"
++msgstr "Impossible de définir les valeurs par défaut\n"
++
++#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
++msgid "The selected UID is outside the allowed range\n"
++msgstr "L'UID sélectionné est en dehors de la plage autorisée\n"
++
++#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
++msgid "Cannot set SELinux login context\n"
++msgstr "Impossible de définir le contexte de connexion SELinux\n"
++
++#: src/tools/sss_useradd.c:224
++msgid "Cannot get info about the user\n"
++msgstr "Impossible de trouver les informations sur l'utilisateur\n"
++
++#: src/tools/sss_useradd.c:236
++msgid "User's home directory already exists, not copying data from skeldir\n"
++msgstr ""
++"Le répertoire de l'utilisateur existe déjà, les données du répertoire "
++"squelette ne sont pas copiées\n"
++
++#: src/tools/sss_useradd.c:239
++#, c-format
++msgid "Cannot create user's home directory: %1$s\n"
++msgstr "Impossible de créer le répertoire de l'utilisateur : %1$s\n"
++
++#: src/tools/sss_useradd.c:250
++#, c-format
++msgid "Cannot create user's mail spool: %1$s\n"
++msgstr ""
++"Impossible de créer le répertoire de réception des messages électroniques "
++"pour l'utilisateur : %1$s\n"
++
++#: src/tools/sss_useradd.c:270
++msgid "Could not allocate ID for the user - domain full?\n"
++msgstr ""
++"L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ?\n"
++
++#: src/tools/sss_useradd.c:274
++msgid "A user or group with the same name or ID already exists\n"
++msgstr "Un utilisateur ou groupe avec le même nom ou identifiant existe déjà\n"
++
++#: src/tools/sss_useradd.c:280
++msgid "Transaction error. Could not add user.\n"
++msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n"
++
++#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
++msgid "The GID of the group"
++msgstr "Le GID du groupe"
++
++#: src/tools/sss_groupadd.c:76
++msgid "Specify group to add\n"
++msgstr "Définir le groupe à ajouter\n"
++
++#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
++msgid "The selected GID is outside the allowed range\n"
++msgstr "Le GID choisit est en dehors de la plage autorisée\n"
++
++#: src/tools/sss_groupadd.c:143
++msgid "Could not allocate ID for the group - domain full?\n"
++msgstr "Impossible d'allouer l'identifiant du groupe - domaine plein ?\n"
++
++#: src/tools/sss_groupadd.c:147
++msgid "A group with the same name or GID already exists\n"
++msgstr "Un groupe avec le même nom ou GID existe déjà\n"
++
++#: src/tools/sss_groupadd.c:153
++msgid "Transaction error. Could not add group.\n"
++msgstr "Erreur de transaction. Impossible d'ajouter le groupe.\n"
++
++#: src/tools/sss_groupdel.c:70
++msgid "Specify group to delete\n"
++msgstr "Spécifier le groupe à supprimer\n"
++
++#: src/tools/sss_groupdel.c:104
++#, c-format
++msgid "Group %1$s is outside the defined ID range for domain\n"
++msgstr ""
++"Le groupe %1$s est en dehors de la plage d'identifiants définie pour le "
++"domaine\n"
++
++#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
++#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
++#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
++#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
++#, c-format
++msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
++msgstr ""
++"Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en "
++"mémoire.\n"
++
++#: src/tools/sss_groupdel.c:132
++msgid ""
++"No such group in local domain. Removing groups only allowed in local domain."
++"\n"
++msgstr ""
++"Aucun groupe dans le domaine local. La suppression de groupes n'est "
++"autorisée que dans le domaine local.\n"
++
++#: src/tools/sss_groupdel.c:137
++msgid "Internal error. Could not remove group.\n"
++msgstr "Erreur interne. Impossible de supprimer le groupe.\n"
++
++#: src/tools/sss_groupmod.c:44
++msgid "Groups to add this group to"
++msgstr "Groupes auxquels ce groupe sera ajouté"
++
++#: src/tools/sss_groupmod.c:46
++msgid "Groups to remove this group from"
++msgstr "Groupes desquels ce groupe sera retiré"
++
++#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
++msgid "Specify group to remove from\n"
++msgstr "Définir le groupe duquel supprimer\n"
++
++#: src/tools/sss_groupmod.c:101
++msgid "Specify group to modify\n"
++msgstr "Définir le groupe à modifier\n"
++
++#: src/tools/sss_groupmod.c:130
++msgid ""
++"Cannot find group in local domain, modifying groups is allowed only in local "
++"domain\n"
++msgstr ""
++"Impossible de trouver le groupe dans le domaine local, la modification des "
++"groupes n'est autorisée que dans le domaine local\n"
++
++#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
++msgid "Member groups must be in the same domain as parent group\n"
++msgstr ""
++"Les membres du groupe doivent être dans le même domaine que le groupe "
++"parent\n"
++
++#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
++#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
++#, c-format
++msgid ""
++"Cannot find group %1$s in local domain, only groups in local domain are "
++"allowed\n"
++msgstr ""
++"Impossible de trouver le groupe %1$s dans le domaine local, seuls les "
++"groupes du domaine local sont autorisés\n"
++
++#: src/tools/sss_groupmod.c:257
++msgid "Could not modify group - check if member group names are correct\n"
++msgstr ""
++"Impossible de modifier le groupe - vérifier que les noms des groupes membres "
++"sont corrects\n"
++
++#: src/tools/sss_groupmod.c:261
++msgid "Could not modify group - check if groupname is correct\n"
++msgstr ""
++"Impossible de modifier le groupe - vérifier que le nom du groupe est "
++"correct\n"
++
++#: src/tools/sss_groupmod.c:265
++msgid "Transaction error. Could not modify group.\n"
++msgstr "Erreur de transaction. Impossible de modifier le groupe.\n"
++
++#: src/tools/sss_groupshow.c:616
++msgid "Magic Private "
++msgstr "Magie privée"
++
++#: src/tools/sss_groupshow.c:615
++#, c-format
++msgid "%1$s%2$sGroup: %3$s\n"
++msgstr "%1$s%2$sGroup: %3$s\n"
++
++#: src/tools/sss_groupshow.c:618
++#, c-format
++msgid "%1$sGID number: %2$d\n"
++msgstr "%1$s GID numéro : %2$d\n"
++
++#: src/tools/sss_groupshow.c:620
++#, c-format
++msgid "%1$sMember users: "
++msgstr "Utilisateurs membres de %1$s :"
++
++#: src/tools/sss_groupshow.c:627
++#, c-format
++msgid "\n"
++"%1$sIs a member of: "
++msgstr "\n"
++"%1$s est membre de : "
++
++#: src/tools/sss_groupshow.c:634
++#, c-format
++msgid "\n"
++"%1$sMember groups: "
++msgstr "\n"
++"Groupes membres de %1$s : "
++
++#: src/tools/sss_groupshow.c:670
++msgid "Print indirect group members recursively"
++msgstr "Afficher les membres du groupe indirects récursivement"
++
++#: src/tools/sss_groupshow.c:704
++msgid "Specify group to show\n"
++msgstr "Définir le groupe à afficher\n"
++
++#: src/tools/sss_groupshow.c:744
++msgid ""
++"No such group in local domain. Printing groups only allowed in local domain."
++"\n"
++msgstr ""
++"Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé "
++"que dans le domaine local.\n"
++
++#: src/tools/sss_groupshow.c:749
++msgid "Internal error. Could not print group.\n"
++msgstr "Erreur interne. Impossible d'afficher le groupe.\n"
++
++#: src/tools/sss_userdel.c:138
++msgid "Remove home directory and mail spool"
++msgstr "Suppression du répertoire personnel et de gestion des mails"
++
++#: src/tools/sss_userdel.c:140
++msgid "Do not remove home directory and mail spool"
++msgstr "Ne pas supprimer le répertoire personnel et de gestion des mails"
++
++#: src/tools/sss_userdel.c:142
++msgid "Force removal of files not owned by the user"
++msgstr "Forcer la suppression des fichiers n'appartenant pas à l'utilisateur"
++
++#: src/tools/sss_userdel.c:144
++msgid "Kill users' processes before removing him"
++msgstr "Tuer les processus de l'utilisateur avant de le supprimer"
++
++#: src/tools/sss_userdel.c:190
++msgid "Specify user to delete\n"
++msgstr "Définir l'utilisateur à supprimer\n"
++
++#: src/tools/sss_userdel.c:236
++#, c-format
++msgid "User %1$s is outside the defined ID range for domain\n"
++msgstr ""
++"L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le "
++"domaine\n"
++
++#: src/tools/sss_userdel.c:261
++msgid "Cannot reset SELinux login context\n"
++msgstr "Impossible de réinitialiser le contexte de connexion SELinux\n"
++
++#: src/tools/sss_userdel.c:273
++#, c-format
++msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
++msgstr ""
++"ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa "
++"suppression.\n"
++
++#: src/tools/sss_userdel.c:278
++msgid "Cannot determine if the user was logged in on this platform"
++msgstr ""
++"Impossible de savoir si l'utilisateur était connecté sur cette plateforme"
++
++#: src/tools/sss_userdel.c:283
++msgid "Error while checking if the user was logged in\n"
++msgstr "Erreur en vérifiant si l'utilisateur était connecté\n"
++
++#: src/tools/sss_userdel.c:290
++#, c-format
++msgid "The post-delete command failed: %1$s\n"
++msgstr "La commande post-suppression a échoué : %1$s\n"
++
++#: src/tools/sss_userdel.c:310
++msgid "Not removing home dir - not owned by user\n"
++msgstr ""
++"Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le "
++"propriétaire\n"
++
++#: src/tools/sss_userdel.c:312
++#, c-format
++msgid "Cannot remove homedir: %1$s\n"
++msgstr "Impossible de supprimer le répertoire utilisateur : %1$s\n"
++
++#: src/tools/sss_userdel.c:326
++msgid ""
++"No such user in local domain. Removing users only allowed in local domain.\n"
++msgstr ""
++"Aucun utilisateur dans le domaine local. La suppression des utilisateurs "
++"n'est autorisée que dans le domaine local.\n"
++
++#: src/tools/sss_userdel.c:331
++msgid "Internal error. Could not remove user.\n"
++msgstr "Erreur interne. Impossible de supprimer l'utilisateur.\n"
++
++#: src/tools/sss_usermod.c:49
++msgid "The GID of the user"
++msgstr "Le GID de l'utilisateur"
++
++#: src/tools/sss_usermod.c:53
++msgid "Groups to add this user to"
++msgstr "Groupes auxquels ajouter cet utilisateur"
++
++#: src/tools/sss_usermod.c:54
++msgid "Groups to remove this user from"
++msgstr "Groupes auxquels enlever cet utilisateur"
++
++#: src/tools/sss_usermod.c:55
++msgid "Lock the account"
++msgstr "Verrouiller le compte"
++
++#: src/tools/sss_usermod.c:56
++msgid "Unlock the account"
++msgstr "Déverrouiller le compte"
++
++#: src/tools/sss_usermod.c:57
++msgid "Add an attribute/value pair. The format is attrname=value."
++msgstr "Ajouter une paire attribut/valeur. Le format est nom_attribut=valeur."
++
++#: src/tools/sss_usermod.c:58
++msgid "Delete an attribute/value pair. The format is attrname=value."
++msgstr ""
++"Supprimer une paire attribut/valeur. Le format est nom_attribut=valeur."
++
++#: src/tools/sss_usermod.c:59
++msgid ""
++"Set an attribute to a name/value pair. The format is attrname=value. For "
++"multi-valued attributes, the command replaces the values already present"
++msgstr ""
++"Définir une paire attribut/valeur. Le format est nom_attribut=valeur. Pour "
++"les attributs multi-valués, la commande remplace les valeurs déjà présentes."
++
++#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
++#: src/tools/sss_usermod.c:135
++msgid "Specify the attribute name/value pair(s)\n"
++msgstr "Indiquer les paires nom d'attributs et valeurs.\n"
++
++#: src/tools/sss_usermod.c:152
++msgid "Specify user to modify\n"
++msgstr "Spécifier l'utilisateur à modifier\n"
+
+-#~ msgid "Path to CA certificate directory"
+-#~ msgstr "Chemin vers le répertoire de certificats des CA"
++#: src/tools/sss_usermod.c:180
++msgid ""
++"Cannot find user in local domain, modifying users is allowed only in local "
++"domain\n"
++msgstr ""
++"Impossible de trouver l'utilisateur dans le domaine local, la modification "
++"des utilisateurs n'est autorisée que dans le domaine local\n"
+
+-#~ msgid "File that contains the client certificate"
+-#~ msgstr "Fichier contenant le certificat client"
++#: src/tools/sss_usermod.c:322
++msgid "Could not modify user - check if group names are correct\n"
++msgstr ""
++"Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont "
++"corrects\n"
+
+-#~ msgid "File that contains the client key"
+-#~ msgstr "Fichier contenant la clé du client"
++#: src/tools/sss_usermod.c:326
++msgid "Could not modify user - user already member of groups?\n"
++msgstr ""
++"Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du "
++"groupe ?\n"
+
+-#~ msgid "List of possible ciphers suites"
+-#~ msgstr "Liste des suites de chiffrement possibles"
++#: src/tools/sss_usermod.c:330
++msgid "Transaction error. Could not modify user.\n"
++msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
+
+-#~ msgid "Require TLS certificate verification"
+-#~ msgstr "Requiert une vérification de certificat TLS"
++#: src/tools/sss_cache.c:245
++msgid "No cache object matched the specified search\n"
++msgstr "Aucun object trouvé dans le cache pour la recherche spécifiée\n"
+
+-#~ msgid "Specify the sasl mechanism to use"
+-#~ msgstr "Spécifier le mécanisme SASL à utiliser"
++#: src/tools/sss_cache.c:536
++#, c-format
++msgid "Couldn't invalidate %1$s\n"
++msgstr "Impossible d'invalider %1$s\n"
+
+-#~ msgid "Specify the sasl authorization id to use"
+-#~ msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
++#: src/tools/sss_cache.c:543
++#, c-format
++msgid "Couldn't invalidate %1$s %2$s\n"
++msgstr "Impossible d'invalider %1$s %2$s\n"
+
+-#~ msgid "Specify the sasl authorization realm to use"
+-#~ msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
++#: src/tools/sss_cache.c:721
++msgid "Invalidate all cached entries"
++msgstr "Invalidez toutes les entrées en cache"
+
+-#~ msgid "Specify the minimal SSF for LDAP sasl authorization"
+-#~ msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
++#: src/tools/sss_cache.c:723
++msgid "Invalidate particular user"
++msgstr "Invalider un utilisateur spécifique"
+
+-#~ msgid "Kerberos service keytab"
+-#~ msgstr "Service du fichier keytab de Kerberos"
++#: src/tools/sss_cache.c:725
++msgid "Invalidate all users"
++msgstr "Invalider tous les utilisateurs"
+
+-#~ msgid "Use Kerberos auth for LDAP connection"
+-#~ msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
++#: src/tools/sss_cache.c:727
++msgid "Invalidate particular group"
++msgstr "Invalider un groupe particulier"
+
+-#~ msgid "Follow LDAP referrals"
+-#~ msgstr "Suivre les référents LDAP"
++#: src/tools/sss_cache.c:729
++msgid "Invalidate all groups"
++msgstr "Invalider tous les groupes"
+
+-#~ msgid "Lifetime of TGT for LDAP connection"
+-#~ msgstr "Durée de vie du TGT pour la connexion LDAP"
++#: src/tools/sss_cache.c:731
++msgid "Invalidate particular netgroup"
++msgstr "Invalider un groupe réseau particulier"
+
+-#~ msgid "How to dereference aliases"
+-#~ msgstr "Comment déréférencer les alias"
++#: src/tools/sss_cache.c:733
++msgid "Invalidate all netgroups"
++msgstr "Invalider tous les groupes réseau"
+
+-#~ msgid "Service name for DNS service lookups"
+-#~ msgstr "Nom du service pour les recherches DNS"
++#: src/tools/sss_cache.c:735
++msgid "Invalidate particular service"
++msgstr "Invalidation d'un service particulier"
+
+-#~ msgid "The number of records to retrieve in a single LDAP query"
+-#~ msgstr ""
+-#~ "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
++#: src/tools/sss_cache.c:737
++msgid "Invalidate all services"
++msgstr "Invalidation de tous les services"
+
+-#~ msgid "The number of members that must be missing to trigger a full deref"
+-#~ msgstr ""
+-#~ "Nombre de membres qui doivent être manquants pour activer un "
+-#~ "déréférencement complet"
++#: src/tools/sss_cache.c:740
++msgid "Invalidate particular autofs map"
++msgstr "Invalidation d'une carte autofs particulière"
+
+-#~ msgid ""
+-#~ "Whether the LDAP library should perform a reverse lookup to canonicalize "
+-#~ "the host name during a SASL bind"
+-#~ msgstr ""
+-#~ "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser "
+-#~ "le nom d'hôte pendant une connexion SASL ?"
++#: src/tools/sss_cache.c:742
++msgid "Invalidate all autofs maps"
++msgstr "Invalidation de toutes les cartes autofs"
+
+-#~ msgid "entryUSN attribute"
+-#~ msgstr "attribut entryUSN"
++#: src/tools/sss_cache.c:746
++msgid "Invalidate particular SSH host"
++msgstr "Invalider un hôte SSH particulier"
+
+-#~ msgid "lastUSN attribute"
+-#~ msgstr "attribut lastUSN"
++#: src/tools/sss_cache.c:748
++msgid "Invalidate all SSH hosts"
++msgstr "Invalider tous les hôtes SSH"
+
+-#~ msgid ""
+-#~ "How long to retain a connection to the LDAP server before disconnecting"
+-#~ msgstr ""
+-#~ "Combien de temps conserver la connexion au serveur LDAP avant de se "
+-#~ "déconnecter"
++#: src/tools/sss_cache.c:752
++msgid "Invalidate particular sudo rule"
++msgstr "Invalider une règle sudo particulière"
+
+-#~ msgid "Disable the LDAP paging control"
+-#~ msgstr "Désactiver le contrôle des pages LDAP"
++#: src/tools/sss_cache.c:754
++msgid "Invalidate all cached sudo rules"
++msgstr "Invalider toutes les règles sudo en cache"
+
+-#~ msgid "Disable Active Directory range retrieval"
+-#~ msgstr "Désactiver la récupération de plage Active Directory."
++#: src/tools/sss_cache.c:757
++msgid "Only invalidate entries from a particular domain"
++msgstr "N'invalider des entrées que d'un domaine spécifique"
+
+-#~ msgid "Length of time to wait for a search request"
+-#~ msgstr "Durée d'attente pour une requête de recherche"
++#: src/tools/sss_cache.c:811
++msgid ""
++"Unexpected argument(s) provided, options that invalidate a single object "
++"only accept a single provided argument.\n"
++msgstr ""
++"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet "
++"n'acceptent qu'un seul argument fourni.\n"
+
+-#~ msgid "Length of time to wait for a enumeration request"
+-#~ msgstr "Durée d'attente pour une requête d'énumération"
++#: src/tools/sss_cache.c:821
++msgid "Please select at least one object to invalidate\n"
++msgstr "Merci de sélectionner au moins un objet à invalider\n"
+
+-#~ msgid "Length of time between enumeration updates"
+-#~ msgstr "Durée entre deux mises à jour d'énumération"
++#: src/tools/sss_cache.c:904
++#, c-format
++msgid ""
++"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
++"use fully qualified name instead of --domain/-d parameter.\n"
++msgstr ""
++"Impossible d'ouvrir le domaine %1$s. Si le domaine est un sous-domaine "
++"(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre "
++"--domain/-d.\n"
+
+-#~ msgid "Length of time between cache cleanups"
+-#~ msgstr "Durée entre les nettoyages de cache"
++#: src/tools/sss_cache.c:909
++msgid "Could not open available domains\n"
++msgstr "Impossible d'ouvrir aucun des domaines disponibles\n"
+
+-#~ msgid "Require TLS for ID lookups"
+-#~ msgstr "TLS est requis pour les recherches d'identifiants"
++#: src/tools/tools_util.c:202
++#, c-format
++msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
++msgstr ""
++"Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n"
+
+-#~ msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+-#~ msgstr ""
+-#~ "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
+-#~ "établis"
++#: src/tools/tools_util.c:309
++msgid "Out of memory\n"
++msgstr "Mémoire saturée\n"
+
+-#~ msgid "Base DN for user lookups"
+-#~ msgstr "Base DN pour les recherches d'utilisateurs"
++#: src/tools/tools_util.h:40
++#, c-format
++msgid "%1$s must be run as root\n"
++msgstr "%1$s doit être lancé en tant que root\n"
+
+-#~ msgid "Scope of user lookups"
+-#~ msgstr "Scope des recherches d'utilisateurs"
++#: src/tools/sssctl/sssctl.c:35
++msgid "yes"
++msgstr "oui"
+
+-#~ msgid "Filter for user lookups"
+-#~ msgstr "Filtre pour les recherches d'utilisateurs"
++#: src/tools/sssctl/sssctl.c:37
++msgid "no"
++msgstr "non"
+
+-#~ msgid "Objectclass for users"
+-#~ msgstr "Classe d'objet pour les utilisateurs"
++#: src/tools/sssctl/sssctl.c:39
++msgid "error"
++msgstr "erreur"
+
+-#~ msgid "Username attribute"
+-#~ msgstr "Attribut de nom d'utilisateur"
++#: src/tools/sssctl/sssctl.c:42
++msgid "Invalid result."
++msgstr "Résultat non valide."
+
+-#~ msgid "UID attribute"
+-#~ msgstr "Attribut UID"
++#: src/tools/sssctl/sssctl.c:78
++msgid "Unable to read user input\n"
++msgstr "Impossible de lire l'entrée de l'utilisateur\n"
+
+-#~ msgid "Primary GID attribute"
+-#~ msgstr "Attribut de GID primaire"
++#: src/tools/sssctl/sssctl.c:91
++#, c-format
++msgid "Invalid input, please provide either '%s' or '%s'.\n"
++msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
+
+-#~ msgid "GECOS attribute"
+-#~ msgstr "Attribut GECOS"
++#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
++msgid "Error while executing external command\n"
++msgstr "Erreur lors de l'exécution d'une commande externe\n"
+
+-#~ msgid "Home directory attribute"
+-#~ msgstr "Attribut de répertoire utilisateur"
++#: src/tools/sssctl/sssctl.c:156
++msgid "SSSD needs to be running. Start SSSD now?"
++msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?"
+
+-#~ msgid "Shell attribute"
+-#~ msgstr "Attribut d'interpréteur de commandes"
++#: src/tools/sssctl/sssctl.c:195
++msgid "SSSD must not be running. Stop SSSD now?"
++msgstr ""
++"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?"
+
+-#~ msgid "UUID attribute"
+-#~ msgstr "attribut UUID"
++#: src/tools/sssctl/sssctl.c:231
++msgid "SSSD needs to be restarted. Restart SSSD now?"
++msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?"
+
+-#~ msgid "objectSID attribute"
+-#~ msgstr "attribut objectSID"
++#: src/tools/sssctl/sssctl_cache.c:31
++#, c-format
++msgid " %s is not present in cache.\n"
++msgstr " %s n'est pas présent dans le cache.\n"
+
+-#~ msgid "Active Directory primary group attribute for ID-mapping"
+-#~ msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_cache.c:33
++msgid "Name"
++msgstr "Nom"
+
+-#~ msgid "User principal attribute (for Kerberos)"
+-#~ msgstr "Attribut d'utilisateur principal (pour Kerberos)"
++#: src/tools/sssctl/sssctl_cache.c:34
++msgid "Cache entry creation date"
++msgstr "Date de création de l'entrée en cache"
+
+-#~ msgid "Full Name"
+-#~ msgstr "Nom complet"
++#: src/tools/sssctl/sssctl_cache.c:35
++msgid "Cache entry last update time"
++msgstr "Heure de la dernière mise à jour de l'entrée du cache"
+
+-#~ msgid "memberOf attribute"
+-#~ msgstr "Attribut memberOf"
++#: src/tools/sssctl/sssctl_cache.c:36
++msgid "Cache entry expiration time"
++msgstr "Temps d'expiration de l'entrée du cache"
+
+-#~ msgid "Modification time attribute"
+-#~ msgstr "Attribut de date de modification"
++#: src/tools/sssctl/sssctl_cache.c:37
++msgid "Cached in InfoPipe"
++msgstr "Mise en cache dans InfoPipe"
+
+-#~ msgid "shadowLastChange attribute"
+-#~ msgstr "Attribut shadowLastChange"
++#: src/tools/sssctl/sssctl_cache.c:522
++#, c-format
++msgid "Error: Unable to get object [%d]: %s\n"
++msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n"
+
+-#~ msgid "shadowMin attribute"
+-#~ msgstr "Attribut shadowMin"
++#: src/tools/sssctl/sssctl_cache.c:538
++#, c-format
++msgid "%s: Unable to read value [%d]: %s\n"
++msgstr "%s: Impossible de lire la valeur [%d] : %s\n"
+
+-#~ msgid "shadowMax attribute"
+-#~ msgstr "Attribut shadowMax"
++#: src/tools/sssctl/sssctl_cache.c:566
++msgid "Specify name."
++msgstr "Indiquez le nom."
+
+-#~ msgid "shadowWarning attribute"
+-#~ msgstr "Attribut shadowWarning"
++#: src/tools/sssctl/sssctl_cache.c:576
++#, c-format
++msgid "Unable to parse name %s.\n"
++msgstr "Impossible d'analyser le nom %s.\n"
+
+-#~ msgid "shadowInactive attribute"
+-#~ msgstr "Attribut shadowInactive"
++#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
++msgid "Search by SID"
++msgstr "Recherche par SID"
+
+-#~ msgid "shadowExpire attribute"
+-#~ msgstr "Attribut shadowExpire"
++#: src/tools/sssctl/sssctl_cache.c:603
++msgid "Search by user ID"
++msgstr "Recherche par ID utilisateur"
+
+-#~ msgid "shadowFlag attribute"
+-#~ msgstr "Attribut shadowFlag"
++#: src/tools/sssctl/sssctl_cache.c:612
++msgid "Initgroups expiration time"
++msgstr "Délai d'expiration des initgroups"
+
+-#~ msgid "Attribute listing authorized PAM services"
+-#~ msgstr "Attribut listant les services PAM autorisés"
++#: src/tools/sssctl/sssctl_cache.c:650
++msgid "Search by group ID"
++msgstr "Recherche par ID de groupe"
+
+-#~ msgid "Attribute listing authorized server hosts"
+-#~ msgstr "Attribut listant les hôtes de serveurs autorisés"
++#: src/tools/sssctl/sssctl_config.c:112
++#, c-format
++msgid "Failed to open %s\n"
++msgstr "N’a pas pu ouvrir %s\n"
+
+-#~ msgid "Attribute listing authorized server rhosts"
+-#~ msgstr "Attribut listant les rhosts de serveurs autorisés"
++#: src/tools/sssctl/sssctl_config.c:117
++#, c-format
++msgid "File %1$s does not exist.\n"
++msgstr "Le fichier %1$s n’existe pas.\n"
+
+-#~ msgid "krbLastPwdChange attribute"
+-#~ msgstr "Attribut krbLastPwdChange"
++#: src/tools/sssctl/sssctl_config.c:121
++msgid ""
++"File ownership and permissions check failed. Expected root:root and 0600.\n"
++msgstr ""
++"La vérification de la propriété et des permissions des fichiers a échoué. "
++"Attendue : root:root et 0600.\n"
+
+-#~ msgid "krbPasswordExpiration attribute"
+-#~ msgstr "Attribut krbPasswordExpiration"
++#: src/tools/sssctl/sssctl_config.c:127
++#, c-format
++msgid "Failed to load configuration from %s.\n"
++msgstr ""
+
+-#~ msgid "Attribute indicating that server side password policies are active"
+-#~ msgstr ""
+-#~ "Attribut indiquant que la stratégie de mot de passe du serveur est active"
++#: src/tools/sssctl/sssctl_config.c:133
++msgid "Error while reading configuration directory.\n"
++msgstr "Erreur lors de la lecture du répertoire de configuration.\n"
+
+-#~ msgid "accountExpires attribute of AD"
+-#~ msgstr "Attribut AD accountExpires"
++#: src/tools/sssctl/sssctl_config.c:141
++msgid ""
++"There is no configuration. SSSD will use default configuration with files "
++"provider.\n"
++msgstr ""
++"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut "
++"avec le fournisseur de fichiers.\n"
+
+-#~ msgid "userAccountControl attribute of AD"
+-#~ msgstr "Attribut AD userAccountControl"
++#: src/tools/sssctl/sssctl_config.c:153
++msgid "Failed to run validators"
++msgstr "Échec de l'exécution des validateurs"
+
+-#~ msgid "nsAccountLock attribute"
+-#~ msgstr "Attribut nsAccountLock"
++#: src/tools/sssctl/sssctl_config.c:157
++#, c-format
++msgid "Issues identified by validators: %zu\n"
++msgstr "Problèmes identifiés par les validateurs : %zu\n"
+
+-#~ msgid "loginDisabled attribute of NDS"
+-#~ msgstr "Attribut NDS loginDisabled"
++#: src/tools/sssctl/sssctl_config.c:168
++#, c-format
++msgid "Messages generated during configuration merging: %zu\n"
++msgstr "Messages générés lors de la fusion des configurations : %zu\n"
+
+-#~ msgid "loginExpirationTime attribute of NDS"
+-#~ msgstr "Attribut NDS loginExpirationTime"
++#: src/tools/sssctl/sssctl_config.c:179
++#, c-format
++msgid "Used configuration snippet files: %zu\n"
++msgstr "Fichiers de configuration utilisés : %zu\n"
+
+-#~ msgid "loginAllowedTimeMap attribute of NDS"
+-#~ msgstr "Attribut NDS loginAllowedTimeMap"
++#: src/tools/sssctl/sssctl_data.c:89
++#, c-format
++msgid "Unable to create backup directory [%d]: %s"
++msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
+
+-#~ msgid "SSH public key attribute"
+-#~ msgstr "Attribut de clé public SSH"
++#: src/tools/sssctl/sssctl_data.c:95
++msgid "SSSD backup of local data already exists, override?"
++msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?"
+
+-#~ msgid "attribute listing allowed authentication types for a user"
+-#~ msgstr ""
+-#~ "attribut énumérant les types d'authentification autorisés pour un "
+-#~ "utilisateur"
++#: src/tools/sssctl/sssctl_data.c:111
++msgid "Unable to export user overrides\n"
++msgstr "Impossible d'exporter les substitutions d'utilisateur\n"
+
+-#~ msgid "attribute containing the X509 certificate of the user"
+-#~ msgstr "attribut contenant le certificat X509 de l'utilisateur"
++#: src/tools/sssctl/sssctl_data.c:118
++msgid "Unable to export group overrides\n"
++msgstr "Impossible d'exporter les substitutions de groupes\n"
+
+-#~ msgid "attribute containing the email address of the user"
+-#~ msgstr "attribut contenant l’adresse email de l'utilisateur"
++#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
++msgid "Override existing backup"
++msgstr "Remplacer la sauvegarde existante"
+
+-#~ msgid "A list of extra attributes to download along with the user entry"
+-#~ msgstr ""
+-#~ "Une liste des attributs supplémentaires à télécharger avec l'entrée de "
+-#~ "l'utilisateur"
++#: src/tools/sssctl/sssctl_data.c:164
++msgid "Unable to import user overrides\n"
++msgstr "Impossible d'importer les substitutions d'utilisateur\n"
+
+-#~ msgid "Base DN for group lookups"
+-#~ msgstr "DN de base pour les recherches de groupes"
++#: src/tools/sssctl/sssctl_data.c:173
++msgid "Unable to import group overrides\n"
++msgstr "Impossible d'importer les substitutions de groupes\n"
+
+-#~ msgid "Objectclass for groups"
+-#~ msgstr "Classe d'objet pour les groupes"
++#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
++#: src/tools/sssctl/sssctl_domains.c:328
++msgid "Start SSSD if it is not running"
++msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution"
+
+-#~ msgid "Group name"
+-#~ msgstr "Nom du groupe"
++#: src/tools/sssctl/sssctl_data.c:195
++msgid "Restart SSSD after data import"
++msgstr "Redémarrer SSSD après l'importation des données"
+
+-#~ msgid "Group password"
+-#~ msgstr "Mot de passe du groupe"
++#: src/tools/sssctl/sssctl_data.c:218
++msgid "Create clean cache files and import local data"
++msgstr "Créer des fichiers de cache propres et importer des données locales"
+
+-#~ msgid "GID attribute"
+-#~ msgstr "Attribut GID"
++#: src/tools/sssctl/sssctl_data.c:219
++msgid "Stop SSSD before removing the cache"
++msgstr "Arrêtez SSSD avant de supprimer le cache"
+
+-#~ msgid "Group member attribute"
+-#~ msgstr "Attribut membre du groupe"
++#: src/tools/sssctl/sssctl_data.c:220
++msgid "Start SSSD when the cache is removed"
++msgstr "Démarrer SSSD lorsque le cache est supprimé"
+
+-#~ msgid "Group UUID attribute"
+-#~ msgstr "attribut de l'UUID du groupe"
++#: src/tools/sssctl/sssctl_data.c:235
++msgid "Creating backup of local data...\n"
++msgstr "Création d'une sauvegarde des données locales...\n"
+
+-#~ msgid "Modification time attribute for groups"
+-#~ msgstr "Attribut de date de modification pour les groupes"
++#: src/tools/sssctl/sssctl_data.c:238
++msgid "Unable to create backup of local data, can not remove the cache.\n"
++msgstr ""
++"Impossible de créer une sauvegarde des données locales, impossible de "
++"supprimer le cache.\n"
+
+-#~ msgid "Type of the group and other flags"
+-#~ msgstr "Type de groupe et autres indicateurs"
++#: src/tools/sssctl/sssctl_data.c:243
++msgid "Removing cache files...\n"
++msgstr "Suppression des fichiers de cache...\n"
+
+-#~ msgid "The LDAP group external member attribute"
+-#~ msgstr "L'attribut de membre externe du groupe LDAP"
++#: src/tools/sssctl/sssctl_data.c:246
++msgid "Unable to remove cache files\n"
++msgstr "Impossible de supprimer les fichiers de cache\n"
+
+-#~ msgid "Maximum nesting level SSSD will follow"
+-#~ msgstr "Le niveau d'imbrication maximal du SSSD suivra"
++#: src/tools/sssctl/sssctl_data.c:251
++msgid "Restoring local data...\n"
++msgstr "Restauration des données locales...\n"
+
+-#~ msgid "Base DN for netgroup lookups"
+-#~ msgstr "DN de base pour les recherches de netgroup"
++#: src/tools/sssctl/sssctl_domains.c:83
++msgid "Show domain list including primary or trusted domain type"
++msgstr ""
++"Afficher la liste des domaines, y compris le type de domaine principal ou de "
++"confiance"
+
+-#~ msgid "Objectclass for netgroups"
+-#~ msgstr "Classe d'objet pour les groupes réseau"
++#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
++#: src/tools/sssctl/sssctl_user_checks.c:95
++msgid "Unable to connect to system bus!\n"
++msgstr "Impossible de se connecter au bus système !\n"
+
+-#~ msgid "Netgroup name"
+-#~ msgstr "Nom du groupe réseau"
++#: src/tools/sssctl/sssctl_domains.c:167
++msgid "Online"
++msgstr "En ligne"
+
+-#~ msgid "Netgroups members attribute"
+-#~ msgstr "Attribut des membres des groupes réseau"
++#: src/tools/sssctl/sssctl_domains.c:167
++msgid "Offline"
++msgstr "Hors ligne"
+
+-#~ msgid "Netgroup triple attribute"
+-#~ msgstr "Attribut triplet du groupe réseau"
++#: src/tools/sssctl/sssctl_domains.c:167
++#, c-format
++msgid "Online status: %s\n"
++msgstr "Statut en ligne : %s\n"
+
+-#~ msgid "Modification time attribute for netgroups"
+-#~ msgstr "Attribut date de modification pour les groupes réseau"
++#: src/tools/sssctl/sssctl_domains.c:213
++msgid "This domain has no active servers.\n"
++msgstr "Ce domaine n'a pas de serveurs actifs.\n"
+
+-#~ msgid "Base DN for service lookups"
+-#~ msgstr "Nom de domaine (DN) de base pour les recherches de service"
++#: src/tools/sssctl/sssctl_domains.c:218
++msgid "Active servers:\n"
++msgstr "Serveurs actifs :\n"
+
+-#~ msgid "Objectclass for services"
+-#~ msgstr "Classe objet pour les services"
++#: src/tools/sssctl/sssctl_domains.c:230
++msgid "not connected"
++msgstr "non connecté"
+
+-#~ msgid "Service name attribute"
+-#~ msgstr "Attribut de nom de service"
++#: src/tools/sssctl/sssctl_domains.c:267
++msgid "No servers discovered.\n"
++msgstr "Aucun serveur découvert.\n"
+
+-#~ msgid "Service port attribute"
+-#~ msgstr "Attribut de port du service"
++#: src/tools/sssctl/sssctl_domains.c:273
++#, c-format
++msgid "Discovered %s servers:\n"
++msgstr "%s serveurs découverts :\n"
+
+-#~ msgid "Service protocol attribute"
+-#~ msgstr "Attribut de service du protocole"
++#: src/tools/sssctl/sssctl_domains.c:285
++msgid "None so far.\n"
++msgstr "Aucun pour l'instant.\n"
+
+-#~ msgid "Lower bound for ID-mapping"
+-#~ msgstr "Limite inférieure pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_domains.c:325
++msgid "Show online status"
++msgstr "Afficher le statut en ligne"
+
+-#~ msgid "Upper bound for ID-mapping"
+-#~ msgstr "Limite supérieure pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_domains.c:326
++msgid "Show information about active server"
++msgstr "Afficher les informations sur le serveur actif"
+
+-#~ msgid "Number of IDs for each slice when ID-mapping"
+-#~ msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_domains.c:327
++msgid "Show list of discovered servers"
++msgstr "Afficher la liste des serveurs découverts"
+
+-#~ msgid "Use autorid-compatible algorithm for ID-mapping"
+-#~ msgstr ""
+-#~ "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_domains.c:333
++msgid "Specify domain name."
++msgstr "Indiquer le nom de domaine."
+
+-#~ msgid "Name of the default domain for ID-mapping"
+-#~ msgstr "Nom du domaine par défaut pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_domains.c:355
++msgid "Out of memory!\n"
++msgstr "Plus de mémoire disponible !\n"
+
+-#~ msgid "SID of the default domain for ID-mapping"
+-#~ msgstr "SID du domaine par défaut pour la correspondance d'ID"
++#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
++msgid "Unable to get online status\n"
++msgstr "Impossible d'obtenir le statut en ligne\n"
+
+-#~ msgid "Number of secondary slices"
+-#~ msgstr "Nombre de tranches secondaires"
++#: src/tools/sssctl/sssctl_domains.c:395
++msgid "Unable to get server list\n"
++msgstr "Impossible d'obtenir la liste des serveurs\n"
+
+-#~ msgid "Whether to use Token-Groups"
+-#~ msgstr "Choisir d'utiliser ou non les groupes de jetons"
++#: src/tools/sssctl/sssctl_logs.c:46
++msgid "\n"
++msgstr "\n"
+
+-#~ msgid "Set lower boundary for allowed IDs from the LDAP server"
+-#~ msgstr ""
+-#~ "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
++#: src/tools/sssctl/sssctl_logs.c:236
++msgid "Delete log files instead of truncating"
++msgstr "Supprimer les fichiers de log au lieu de tronquer"
+
+-#~ msgid "Set upper boundary for allowed IDs from the LDAP server"
+-#~ msgstr ""
+-#~ "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
++#: src/tools/sssctl/sssctl_logs.c:247
++msgid "Deleting log files...\n"
++msgstr "Suppression des fichiers journaux...\n"
+
+-#~ msgid "DN for ppolicy queries"
+-#~ msgstr "DN pour les requêtes sur ppolicy"
++#: src/tools/sssctl/sssctl_logs.c:250
++msgid "Unable to remove log files\n"
++msgstr "Impossible de supprimer les fichiers journaux\n"
+
+-#~ msgid "How many maximum entries to fetch during a wildcard request"
+-#~ msgstr ""
+-#~ "Combien d'entrées maximum à récupérer lors d'une demande de wildcard"
++#: src/tools/sssctl/sssctl_logs.c:256
++msgid "Truncating log files...\n"
++msgstr "Troncature des fichiers de journalisation...\n"
+
+-#~ msgid "Policy to evaluate the password expiration"
+-#~ msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
++#: src/tools/sssctl/sssctl_logs.c:259
++msgid "Unable to truncate log files\n"
++msgstr "Impossible de tronquer les fichiers de journalisation\n"
+
+-#~ msgid "Which attributes shall be used to evaluate if an account is expired"
+-#~ msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
++#: src/tools/sssctl/sssctl_logs.c:285
++msgid "Out of memory!"
++msgstr "Plus de mémoire disponible !"
+
+-#~ msgid "Which rules should be used to evaluate access control"
+-#~ msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
++#: src/tools/sssctl/sssctl_logs.c:288
++#, c-format
++msgid "Archiving log files into %s...\n"
++msgstr "Archivage des fichiers journaux dans %s...\n"
+
+-#~ msgid "URI of an LDAP server where password changes are allowed"
+-#~ msgstr ""
+-#~ "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
++#: src/tools/sssctl/sssctl_logs.c:291
++msgid "Unable to archive log files\n"
++msgstr "Impossible d'archiver les fichiers journaux\n"
+
+-#~ msgid "URI of a backup LDAP server where password changes are allowed"
+-#~ msgstr ""
+-#~ "URI d'un serveur LDAP de secours où sont autorisées les modifications de "
+-#~ "mot de passe"
++#: src/tools/sssctl/sssctl_logs.c:316
++msgid "Specify debug level you want to set"
++msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
+
+-#~ msgid "DNS service name for LDAP password change server"
+-#~ msgstr ""
+-#~ "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
++#: src/tools/sssctl/sssctl_user_checks.c:117
++msgid "SSSD InfoPipe user lookup result:\n"
++msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n"
+
+-#~ msgid ""
+-#~ "Whether to update the ldap_user_shadow_last_change attribute after a "
+-#~ "password change"
+-#~ msgstr ""
+-#~ "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
+-#~ "changement de mot de passe"
++#: src/tools/sssctl/sssctl_user_checks.c:167
++#, c-format
++msgid "dlopen failed with [%s].\n"
++msgstr "dlopen a échoué avec [%s].\n"
+
+-#~ msgid "Base DN for sudo rules lookups"
+-#~ msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:174
++#, c-format
++msgid "dlsym failed with [%s].\n"
++msgstr "dlopen a échoué avec [%s].\n"
+
+-#~ msgid "Automatic full refresh period"
+-#~ msgstr "Périodicité de rafraichissement total"
++#: src/tools/sssctl/sssctl_user_checks.c:182
++msgid "malloc failed.\n"
++msgstr "malloc a échoué.\n"
+
+-#~ msgid "Automatic smart refresh period"
+-#~ msgstr "Périodicité de rafraichissement intelligent"
++#: src/tools/sssctl/sssctl_user_checks.c:189
++#, c-format
++msgid "sss_getpwnam_r failed with [%d].\n"
++msgstr "sss_getpwnam_r a échoué avec [%d].\n"
+
+-#~ msgid "Whether to filter rules by hostname, IP addresses and network"
+-#~ msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
++#: src/tools/sssctl/sssctl_user_checks.c:194
++msgid "SSSD nss user lookup result:\n"
++msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n"
+
+-#~ msgid ""
+-#~ "Hostnames and/or fully qualified domain names of this machine to filter "
+-#~ "sudo rules"
+-#~ msgstr ""
+-#~ "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
+-#~ "filtrer les règles sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:195
++#, c-format
++msgid " - user name: %s\n"
++msgstr " - user name: %s\n"
+
+-#~ msgid ""
+-#~ "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
+-#~ msgstr ""
+-#~ "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
+-#~ "sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:196
++#, c-format
++msgid " - user id: %d\n"
++msgstr " - user id: %d\n"
+
+-#~ msgid "Whether to include rules that contains netgroup in host attribute"
+-#~ msgstr ""
+-#~ "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
++#: src/tools/sssctl/sssctl_user_checks.c:197
++#, c-format
++msgid " - group id: %d\n"
++msgstr " - group id: %d\n"
+
+-#~ msgid ""
+-#~ "Whether to include rules that contains regular expression in host "
+-#~ "attribute"
+-#~ msgstr ""
+-#~ "Inclure ou non les règles qui contiennent une expression rationnelle dans "
+-#~ "l'attribut host"
++#: src/tools/sssctl/sssctl_user_checks.c:198
++#, c-format
++msgid " - gecos: %s\n"
++msgstr " - gecos: %s\n"
+
+-#~ msgid "Object class for sudo rules"
+-#~ msgstr "Classe objet pour les règles sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:199
++#, c-format
++msgid " - home directory: %s\n"
++msgstr " - home directory: %s\n"
+
+-#~ msgid "Name of attribute that is used as object class for sudo rules"
+-#~ msgstr ""
+-#~ "Nom de l'attribut qui est utilisé comme classe d'objet pour les règles "
+-#~ "sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:200
++#, c-format
++msgid " - shell: %s\n"
++"\n"
++msgstr " - shell: %s\n"
++"\n"
+
+-#~ msgid "Sudo rule name"
+-#~ msgstr "Règle de nom sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:232
++msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
++msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : "
+
+-#~ msgid "Sudo rule command attribute"
+-#~ msgstr "Attribut de commande de règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:235
++msgid "PAM service, default: "
++msgstr "Service PAM, par défaut : "
+
+-#~ msgid "Sudo rule host attribute"
+-#~ msgstr "Attribut hôte de la règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:240
++msgid "Specify user name."
++msgstr "Spécifiez le nom d'utilisateur."
+
+-#~ msgid "Sudo rule user attribute"
+-#~ msgstr "Attribut utilisateur de la règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:247
++#, c-format
++msgid "user: %s\n"
++"action: %s\n"
++"service: %s\n"
++"\n"
++msgstr "utilisateur: %s\n"
++"action: %s\n"
++"service: %s\n"
++"\n"
+
+-#~ msgid "Sudo rule option attribute"
+-#~ msgstr "Attribut option de la règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:252
++#, c-format
++msgid "User name lookup with [%s] failed.\n"
++msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n"
+
+-#~ msgid "Sudo rule runas attribute"
+-#~ msgstr "Attribut de règle sudo runas"
++#: src/tools/sssctl/sssctl_user_checks.c:257
++#, c-format
++msgid "InfoPipe User lookup with [%s] failed.\n"
++msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n"
+
+-#~ msgid "Sudo rule runasuser attribute"
+-#~ msgstr "Attribut runasuser de la règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:263
++#, c-format
++msgid "pam_start failed: %s\n"
++msgstr "pam_start a échoué : %s\n"
+
+-#~ msgid "Sudo rule runasgroup attribute"
+-#~ msgstr "Attribut runasgroup de la règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:268
++msgid "testing pam_authenticate\n"
++"\n"
++msgstr "test de pam_authenticate\n"
++"\n"
+
+-#~ msgid "Sudo rule notbefore attribute"
+-#~ msgstr "Attribut notbefore de la règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:272
++#, c-format
++msgid "pam_get_item failed: %s\n"
++msgstr "pam_get_item a échoué : %s\n"
+
+-#~ msgid "Sudo rule notafter attribute"
+-#~ msgstr "Attribut notafter de règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:275
++#, c-format
++msgid "pam_authenticate for user [%s]: %s\n"
++"\n"
++msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n"
+
+-#~ msgid "Sudo rule order attribute"
+-#~ msgstr "Attribut d'ordre de règle sudo"
++#: src/tools/sssctl/sssctl_user_checks.c:278
++msgid "testing pam_chauthtok\n"
++"\n"
++msgstr "test pam_chauthtok\n"
++"\n"
+
+-#~ msgid "Object class for automounter maps"
+-#~ msgstr "Classe objet pour la carte de montage automatique"
++#: src/tools/sssctl/sssctl_user_checks.c:280
++#, c-format
++msgid "pam_chauthtok: %s\n"
++"\n"
++msgstr "pam_chauthtok: %s\n"
++"\n"
+
+-#~ msgid "Automounter map name attribute"
+-#~ msgstr "Nom de l'attribut de carte de montage automatique"
++#: src/tools/sssctl/sssctl_user_checks.c:282
++msgid "testing pam_acct_mgmt\n"
++"\n"
++msgstr "test de pam_acct_mgmt\n"
++"\n"
+
+-#~ msgid "Object class for automounter map entries"
+-#~ msgstr "Classe objet pour l'entrée de référence de montage automatique"
++#: src/tools/sssctl/sssctl_user_checks.c:284
++#, c-format
++msgid "pam_acct_mgmt: %s\n"
++"\n"
++msgstr "pam_acct_mgmt: %s\n"
++"\n"
+
+-#~ msgid "Automounter map entry key attribute"
+-#~ msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
++#: src/tools/sssctl/sssctl_user_checks.c:286
++msgid "testing pam_setcred\n"
++"\n"
++msgstr "test de pam_setcred\n"
++"\n"
+
+-#~ msgid "Automounter map entry value attribute"
+-#~ msgstr "Attribut de valeur pour la carte de montage automatique"
++#: src/tools/sssctl/sssctl_user_checks.c:288
++#, c-format
++msgid "pam_setcred: [%s]\n"
++"\n"
++msgstr "pam_setcred: [%s]\n"
++"\n"
+
+-#~ msgid "Base DN for automounter map lookups"
+-#~ msgstr "Base DN pour les requêtes de carte de montage automatique"
++#: src/tools/sssctl/sssctl_user_checks.c:290
++msgid "testing pam_open_session\n"
++"\n"
++msgstr "test pam_open_session\n"
++"\n"
+
+-#~ msgid "Comma separated list of allowed users"
+-#~ msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
++#: src/tools/sssctl/sssctl_user_checks.c:292
++#, c-format
++msgid "pam_open_session: %s\n"
++"\n"
++msgstr "pam_open_session: %s\n"
++"\n"
+
+-#~ msgid "Comma separated list of prohibited users"
+-#~ msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
++#: src/tools/sssctl/sssctl_user_checks.c:294
++msgid "testing pam_close_session\n"
++"\n"
++msgstr "test pam_close_session\n"
++"\n"
+
+-#~ msgid "Default shell, /bin/bash"
+-#~ msgstr "Interpréteur de commande par défaut : /bin/bash"
++#: src/tools/sssctl/sssctl_user_checks.c:296
++#, c-format
++msgid "pam_close_session: %s\n"
++"\n"
++msgstr "pam_close_session: %s\n"
++"\n"
+
+-#~ msgid "Base for home directories"
+-#~ msgstr "Base pour les répertoires utilisateur"
++#: src/tools/sssctl/sssctl_user_checks.c:298
++msgid "unknown action\n"
++msgstr "action inconnue\n"
+
+-#~ msgid "The number of preforked proxy children."
+-#~ msgstr "Le nombre d'enfants proxy pré-fourche."
++#: src/tools/sssctl/sssctl_user_checks.c:301
++msgid "PAM Environment:\n"
++msgstr "Environnement PAM :\n"
+
+-#~ msgid "The name of the NSS library to use"
+-#~ msgstr "Nom de la bibliothèque NSS à utiliser"
++#: src/tools/sssctl/sssctl_user_checks.c:309
++msgid " - no env -\n"
++msgstr " - no env -\n"
+
+-#~ msgid "Whether to look up canonical group name from cache if possible"
+-#~ msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
++#: src/util/util.h:82
++msgid "The user ID to run the server as"
++msgstr "L'identifiant utilisateur sous lequel faire tourner le serveur"
+
+-#~ msgid "PAM stack to use"
+-#~ msgstr "Pile PAM à utiliser"
++#: src/util/util.h:84
++msgid "The group ID to run the server as"
++msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
+
+-#~ msgid "Path of passwd file sources."
+-#~ msgstr "Chemin des sources des fichiers passwd."
++#: src/util/util.h:92
++msgid "Informs that the responder has been socket-activated"
++msgstr "Informe que le répondeur a été activé par un socket"
+
+-#~ msgid "Path of group file sources."
+-#~ msgstr "Chemin des sources des fichiers de groupe."
++#: src/util/util.h:94
++msgid "Informs that the responder has been dbus-activated"
++msgstr "Informe que le répondeur a été activé par un dbus"
+diff --git a/po/ja.po b/po/ja.po
+index 503ece1de..a5156184c 100644
+--- a/po/ja.po
++++ b/po/ja.po
+@@ -12,2597 +12,3161 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+-"POT-Creation-Date: 2020-05-19 12:05+0200\n"
+-"PO-Revision-Date: 2020-05-19 10:06+0000\n"
+-"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
+-"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
+-"ja/)\n"
+-"Language: ja\n"
++"POT-Creation-Date: 2020-06-17 22:51+0200\n"
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
++"PO-Revision-Date: 2020-06-18 09:13+0000\n"
++"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
++"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
++"ja/)\n"
++"Language: ja\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+ "X-Generator: Zanata 4.6.2\n"
+
+-#: src/monitor/monitor.c:2371
+-msgid "Become a daemon (default)"
+-msgstr "デーモンとして実行(デフォルト)"
++#: src/config/SSSDConfig/sssdoptions.py:20
++#: src/config/SSSDConfig/sssdoptions.py:21
++msgid "Set the verbosity of the debug logging"
++msgstr "デバッグのロギングの冗長性を設定する"
+
+-#: src/monitor/monitor.c:2373
+-msgid "Run interactive (not a daemon)"
+-msgstr "対話的に実行(デーモンではない)"
++#: src/config/SSSDConfig/sssdoptions.py:22
++msgid "Include timestamps in debug logs"
++msgstr "デバッグログにタイムスタンプを含める"
+
+-#: src/monitor/monitor.c:2376
+-msgid "Disable netlink interface"
+-msgstr "netlink インターフェースを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:23
++msgid "Include microseconds in timestamps in debug logs"
++msgstr "デバッグログにミリ秒単位のタイムスタンプを含める"
+
+-#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
+-msgid "Specify a non-default config file"
+-msgstr "非標準の設定ファイルの指定"
++#: src/config/SSSDConfig/sssdoptions.py:24
++msgid "Write debug messages to logfiles"
++msgstr "デバッグメッセージをログファイルに書き込む"
+
+-#: src/monitor/monitor.c:2380
+-msgid "Refresh the configuration database, then exit"
+-msgstr "設定データベースをリフレッシュし、その後終了します"
++#: src/config/SSSDConfig/sssdoptions.py:25
++msgid "Watchdog timeout before restarting service"
++msgstr "サービス再起動前の Watchdog タイムアウト"
+
+-#: src/monitor/monitor.c:2383
+-msgid "Similar to --genconf, but only refreshes the given section"
+-msgstr "--genconf と似ていますが、任意のセクションのみをリフレッシュします"
++#: src/config/SSSDConfig/sssdoptions.py:26
++msgid "Command to start service"
++msgstr "サービス開始のコマンド"
+
+-#: src/monitor/monitor.c:2386
+-msgid "Print version number and exit"
+-msgstr "バージョン番号を表示して終了する"
++#: src/config/SSSDConfig/sssdoptions.py:27
++msgid "Number of times to attempt connection to Data Providers"
++msgstr "データプロバイダーの接続を試行する回数"
+
+-#: src/monitor/monitor.c:2532
+-msgid "SSSD is already running\n"
+-msgstr "SSSD はすでに実行中です\n"
++#: src/config/SSSDConfig/sssdoptions.py:28
++msgid "The number of file descriptors that may be opened by this responder"
++msgstr "このレスポンダーににより開かれるファイル記述子の数"
+
+-#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
+-msgid "Debug level"
+-msgstr "デバッグレベル"
++#: src/config/SSSDConfig/sssdoptions.py:29
++msgid "Idle time before automatic disconnection of a client"
++msgstr "クライアントの自動切断までのアイドル時間"
+
+-#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
+-msgid "Add debug timestamps"
+-msgstr "デバッグのタイムスタンプを追加する"
++#: src/config/SSSDConfig/sssdoptions.py:30
++msgid "Idle time before automatic shutdown of the responder"
++msgstr "レスポンダーの自動シャットダウンまでのアイドル時間"
+
+-#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
+-msgid "Show timestamps with microseconds"
+-msgstr "タイムスタンプをミリ秒単位で表示する"
++#: src/config/SSSDConfig/sssdoptions.py:31
++msgid "Always query all the caches before querying the Data Providers"
++msgstr "データプロバイダーをクエリーする前に、常にすべてのキャッシュをクエリーします"
+
+-#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
+-msgid "An open file descriptor for the debug logs"
+-msgstr "デバッグログのオープンファイルディスクリプター"
++#: src/config/SSSDConfig/sssdoptions.py:32
++msgid ""
++"When SSSD switches to offline mode the amount of time before it tries to go "
++"back online will increase based upon the time spent disconnected. This value "
++"is in seconds and calculated by the following: offline_timeout + "
++"random_offset."
++msgstr ""
+
+-#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
+-msgid "Send the debug output to stderr directly."
+-msgstr "デバッグ出力を stderr に直接送信します。"
++#: src/config/SSSDConfig/sssdoptions.py:38
++msgid ""
++"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
++"version 2."
++msgstr ""
++"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
++"version 2."
+
+-#: src/providers/krb5/krb5_child.c:3245
+-msgid "The user to create FAST ccache as"
+-msgstr "次のように FAST ccache を作成するユーザー"
++#: src/config/SSSDConfig/sssdoptions.py:39
++msgid "SSSD Services to start"
++msgstr "開始する SSSD サービス"
+
+-#: src/providers/krb5/krb5_child.c:3247
+-msgid "The group to create FAST ccache as"
+-msgstr "次のように FAST ccache を作成するグループ"
++#: src/config/SSSDConfig/sssdoptions.py:40
++msgid "SSSD Domains to start"
++msgstr "開始する SSSD ドメイン"
+
+-#: src/providers/krb5/krb5_child.c:3249
+-msgid "Kerberos realm to use"
+-msgstr "使用する Kerberos レルム"
++#: src/config/SSSDConfig/sssdoptions.py:41
++msgid "Timeout for messages sent over the SBUS"
++msgstr "SBUS 経由のメッセージ送信のタイムアウト"
+
+-#: src/providers/krb5/krb5_child.c:3251
+-msgid "Requested lifetime of the ticket"
+-msgstr "チケットの要求された有効期間"
++#: src/config/SSSDConfig/sssdoptions.py:42
++msgid "Regex to parse username and domain"
++msgstr "ユーザー名とドメインを構文解析する正規表現"
+
+-#: src/providers/krb5/krb5_child.c:3253
+-msgid "Requested renewable lifetime of the ticket"
+-msgstr "チケットの要求された更新可能な有効期間"
++#: src/config/SSSDConfig/sssdoptions.py:43
++msgid "Printf-compatible format for displaying fully-qualified names"
++msgstr "完全修飾名を表示するための printf 互換の形式"
+
+-#: src/providers/krb5/krb5_child.c:3255
+-msgid "FAST options ('never', 'try', 'demand')"
+-msgstr "FAST のオプション ('never'、'try'、'demand')"
++#: src/config/SSSDConfig/sssdoptions.py:44
++msgid ""
++"Directory on the filesystem where SSSD should store Kerberos replay cache "
++"files."
++msgstr "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレクトリーです。"
+
+-#: src/providers/krb5/krb5_child.c:3258
+-msgid "Specifies the server principal to use for FAST"
+-msgstr "FAST で使用するサーバープリンシパルを指定します"
++#: src/config/SSSDConfig/sssdoptions.py:45
++msgid "Domain to add to names without a domain component."
++msgstr "domain 要素なしで追加するドメインの名前。"
+
+-#: src/providers/krb5/krb5_child.c:3260
+-msgid "Requests canonicalization of the principal name"
+-msgstr "プリンシパル名の正規化を要求します"
++#: src/config/SSSDConfig/sssdoptions.py:46
++msgid "The user to drop privileges to"
++msgstr "ユーザーが特権を停止します"
+
+-#: src/providers/krb5/krb5_child.c:3262
+-msgid "Use custom version of krb5_get_init_creds_password"
+-msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します"
++#: src/config/SSSDConfig/sssdoptions.py:47
++msgid "Tune certificate verification"
++msgstr "証明書検証の調整"
+
+-#: src/providers/data_provider_be.c:674
+-msgid "Domain of the information provider (mandatory)"
+-msgstr "情報プロバイダーのドメイン (必須)"
++#: src/config/SSSDConfig/sssdoptions.py:48
++msgid "All spaces in group or user names will be replaced with this character"
++msgstr "グループ名またはユーザー名のすべてのスペースは、この文字に置き換えられます"
+
+-#: src/sss_client/common.c:1079
+-msgid "Privileged socket has wrong ownership or permissions."
+-msgstr "特権ソケットの所有者またはパーミッションが誤っています。"
++#: src/config/SSSDConfig/sssdoptions.py:49
++msgid "Tune sssd to honor or ignore netlink state changes"
++msgstr "SSSD を調整し、netlink の状態変更を尊重するか、または無視します"
+
+-#: src/sss_client/common.c:1082
+-msgid "Public socket has wrong ownership or permissions."
+-msgstr "公開ソケットの所有者またはパーミッションが誤っています。"
++#: src/config/SSSDConfig/sssdoptions.py:50
++msgid "Enable or disable the implicit files domain"
++msgstr "暗黙のファイルドメインを有効化または無効化する"
+
+-#: src/sss_client/common.c:1085
+-msgid "Unexpected format of the server credential message."
+-msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。"
++#: src/config/SSSDConfig/sssdoptions.py:51
++msgid "A specific order of the domains to be looked up"
++msgstr "検索するドメインの特定の順番"
+
+-#: src/sss_client/common.c:1088
+-msgid "SSSD is not run by root."
+-msgstr "SSSD は root により実行されません。"
++#: src/config/SSSDConfig/sssdoptions.py:52
++msgid ""
++"Controls if SSSD should monitor the state of resolv.conf to identify when it "
++"needs to update its internal DNS resolver."
++msgstr ""
+
+-#: src/sss_client/common.c:1091
+-msgid "SSSD socket does not exist."
+-msgstr "SSSD ソケットは存在しません。"
++#: src/config/SSSDConfig/sssdoptions.py:54
++msgid ""
++"SSSD monitors the state of resolv.conf to identify when it needs to update "
++"its internal DNS resolver. By default, we will attempt to use inotify for "
++"this, and will fall back to polling resolv.conf every five seconds if "
++"inotify cannot be used."
++msgstr ""
++"SSSD monitors the state of resolv.conf to identify when it needs to update "
++"its internal DNS resolver. By default, we will attempt to use inotify for "
++"this, and will fall back to polling resolv.conf every five seconds if "
++"inotify cannot be used."
+
+-#: src/sss_client/common.c:1094
+-msgid "Cannot get stat of SSSD socket."
+-msgstr "SSSD ソケットの統計を取得できません。"
++#: src/config/SSSDConfig/sssdoptions.py:59
++msgid "Enumeration cache timeout length (seconds)"
++msgstr "列挙キャッシュのタイムアウト(秒)"
+
+-#: src/sss_client/common.c:1099
+-msgid "An error occurred, but no description can be found."
+-msgstr "エラーが発生しましたが、説明がありませんでした。"
++#: src/config/SSSDConfig/sssdoptions.py:60
++msgid "Entry cache background update timeout length (seconds)"
++msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
+
+-#: src/sss_client/common.c:1105
+-msgid "Unexpected error while looking for an error description"
+-msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
++#: src/config/SSSDConfig/sssdoptions.py:61
++#: src/config/SSSDConfig/sssdoptions.py:112
++msgid "Negative cache timeout length (seconds)"
++msgstr "ネガティブキャッシュのタイムアウト(秒)"
+
+-#: src/sss_client/pam_sss.c:68
+-msgid "Permission denied. "
+-msgstr "パーミッションが拒否されました。"
++#: src/config/SSSDConfig/sssdoptions.py:62
++msgid "Files negative cache timeout length (seconds)"
++msgstr "ファイルネガティブキャッシュのタイムアウト時間(秒)"
+
+-#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
+-#: src/sss_client/pam_sss.c:790
+-msgid "Server message: "
+-msgstr "サーバーのメッセージ: "
++#: src/config/SSSDConfig/sssdoptions.py:63
++msgid "Users that SSSD should explicitly ignore"
++msgstr "SSSD が明示的に無視するユーザー"
+
+-#: src/sss_client/pam_sss.c:297
+-msgid "Passwords do not match"
+-msgstr "パスワードが一致しません"
++#: src/config/SSSDConfig/sssdoptions.py:64
++msgid "Groups that SSSD should explicitly ignore"
++msgstr "SSSD が明示的に無視するグループ"
+
+-#: src/sss_client/pam_sss.c:485
+-msgid "Password reset by root is not supported."
+-msgstr "root によるパスワードのリセットはサポートされません。"
++#: src/config/SSSDConfig/sssdoptions.py:65
++msgid "Should filtered users appear in groups"
++msgstr "フィルターされたユーザーをグループに表示する"
+
+-#: src/sss_client/pam_sss.c:526
+-msgid "Authenticated with cached credentials"
+-msgstr "キャッシュされているクレデンシャルを用いて認証されました"
++#: src/config/SSSDConfig/sssdoptions.py:66
++msgid "The value of the password field the NSS provider should return"
++msgstr "NSS プロバイダーが返すパスワード項目の値"
+
+-#: src/sss_client/pam_sss.c:527
+-msgid ", your cached password will expire at: "
+-msgstr "、キャッシュされたパスワードが失効します: "
++#: src/config/SSSDConfig/sssdoptions.py:67
++msgid "Override homedir value from the identity provider with this value"
++msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
+
+-#: src/sss_client/pam_sss.c:557
+-#, c-format
+-msgid "Your password has expired. You have %1$d grace login(s) remaining."
+-msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。"
++#: src/config/SSSDConfig/sssdoptions.py:68
++msgid ""
++"Substitute empty homedir value from the identity provider with this value"
++msgstr "アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き換えます"
+
+-#: src/sss_client/pam_sss.c:603
+-#, c-format
+-msgid "Your password will expire in %1$d %2$s."
+-msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。"
++#: src/config/SSSDConfig/sssdoptions.py:69
++msgid "Override shell value from the identity provider with this value"
++msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします"
+
+-#: src/sss_client/pam_sss.c:652
+-msgid "Authentication is denied until: "
+-msgstr "次まで認証が拒否されます: "
++#: src/config/SSSDConfig/sssdoptions.py:70
++msgid "The list of shells users are allowed to log in with"
++msgstr "ユーザーがログインを許可されるシェルの一覧"
+
+-#: src/sss_client/pam_sss.c:673
+-msgid "System is offline, password change not possible"
+-msgstr "システムがオフラインです、パスワード変更ができません"
++#: src/config/SSSDConfig/sssdoptions.py:71
++msgid ""
++"The list of shells that will be vetoed, and replaced with the fallback shell"
++msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
+
+-#: src/sss_client/pam_sss.c:688
++#: src/config/SSSDConfig/sssdoptions.py:72
+ msgid ""
+-"After changing the OTP password, you need to log out and back in order to "
+-"acquire a ticket"
++"If a shell stored in central directory is allowed but not available, use "
++"this fallback"
++msgstr "中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、このフォールバックを使用する"
++
++#: src/config/SSSDConfig/sssdoptions.py:73
++msgid "Shell to use if the provider does not list one"
++msgstr "プロバイダーが一覧に持っていないとき使用するシェル"
++
++#: src/config/SSSDConfig/sssdoptions.py:74
++msgid "How long will be in-memory cache records valid"
++msgstr "メモリー内のキャッシュレコードが有効な期間"
++
++#: src/config/SSSDConfig/sssdoptions.py:75
++msgid ""
++"The value of this option will be used in the expansion of the "
++"override_homedir option if the template contains the format string %H."
+ msgstr ""
+-"OTP パスワードの変更後、チケットを取得するためにログアウト後に再びログインす"
+-"る必要があります"
+
+-#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
+-msgid "Password change failed. "
+-msgstr "パスワードの変更に失敗しました。"
++#: src/config/SSSDConfig/sssdoptions.py:77
++msgid ""
++"Specifies time in seconds for which the list of subdomains will be "
++"considered valid."
++msgstr ""
+
+-#: src/sss_client/pam_sss.c:2008
+-msgid "New Password: "
+-msgstr "新しいパスワード: "
++#: src/config/SSSDConfig/sssdoptions.py:79
++msgid ""
++"The entry cache can be set to automatically update entries in the background "
++"if they are requested beyond a percentage of the entry_cache_timeout value "
++"for the domain."
++msgstr ""
++"The entry cache can be set to automatically update entries in the background "
++"if they are requested beyond a percentage of the entry_cache_timeout value "
++"for the domain."
+
+-#: src/sss_client/pam_sss.c:2009
+-msgid "Reenter new Password: "
+-msgstr "新しいパスワードの再入力: "
++#: src/config/SSSDConfig/sssdoptions.py:84
++msgid "How long to allow cached logins between online logins (days)"
++msgstr "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
+
+-#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
+-msgid "First Factor: "
+-msgstr "1 番目の要素: "
++#: src/config/SSSDConfig/sssdoptions.py:85
++msgid "How many failed logins attempts are allowed when offline"
++msgstr "オフラインの時に許容されるログイン試行失敗回数"
+
+-#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
+-msgid "Second Factor (optional): "
+-msgstr "2 番目の要素 (オプション): "
++#: src/config/SSSDConfig/sssdoptions.py:87
++msgid ""
++"How long (minutes) to deny login after offline_failed_login_attempts has "
++"been reached"
++msgstr "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
+
+-#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
+-msgid "Second Factor: "
+-msgstr "2 番目の要素: "
++#: src/config/SSSDConfig/sssdoptions.py:88
++msgid "What kind of messages are displayed to the user during authentication"
++msgstr "認証中にユーザーに表示されるメッセージの種類"
+
+-#: src/sss_client/pam_sss.c:2190
+-msgid "Password: "
+-msgstr "パスワード: "
++#: src/config/SSSDConfig/sssdoptions.py:89
++msgid "Filter PAM responses sent to the pam_sss"
++msgstr "pam_sss へ送信された PAM のレスポンスをフィルタリングします"
+
+-#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
+-msgid "First Factor (Current Password): "
+-msgstr "1 番目の要素 (現在のパスワード): "
++#: src/config/SSSDConfig/sssdoptions.py:90
++msgid "How many seconds to keep identity information cached for PAM requests"
++msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
+
+-#: src/sss_client/pam_sss.c:2349
+-msgid "Current Password: "
+-msgstr "現在のパスワード: "
++#: src/config/SSSDConfig/sssdoptions.py:91
++msgid "How many days before password expiration a warning should be displayed"
++msgstr "警告が表示されるパスワード失効前の日数"
+
+-#: src/sss_client/pam_sss.c:2704
+-msgid "Password expired. Change your password now."
+-msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
++#: src/config/SSSDConfig/sssdoptions.py:92
++msgid "List of trusted uids or user's name"
++msgstr "信頼できる UID またはユーザー名の一覧"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
+-#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
+-#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
+-#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
+-#: src/tools/sss_cache.c:719
+-msgid "The debug level to run with"
+-msgstr "実行するデバッグレベル"
++#: src/config/SSSDConfig/sssdoptions.py:93
++msgid "List of domains accessible even for untrusted users."
++msgstr "信頼できないユーザーでさえアクセス可能なドメインの一覧。"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
+-msgid "The SSSD domain to use"
+-msgstr "使用する SSSD ドメイン"
++#: src/config/SSSDConfig/sssdoptions.py:94
++msgid "Message printed when user account is expired."
++msgstr "ユーザーアカウントの有効期限が切れると、メッセージが印刷されます。"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+-#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+-#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
+-#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
+-#: src/tools/sss_cache.c:765
+-msgid "Error setting the locale\n"
+-msgstr "ロケールの設定中にエラーが発生しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:95
++msgid "Message printed when user account is locked."
++msgstr "ユーザーアカウントがロックされると、メッセージが印刷されます。"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
+-msgid "Not enough memory\n"
+-msgstr "十分なメモリーがありません\n"
++#: src/config/SSSDConfig/sssdoptions.py:96
++msgid "Allow certificate based/Smartcard authentication."
++msgstr "証明書ベースまたはスマートカードによる認証を許可します。"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
+-msgid "User not specified\n"
+-msgstr "ユーザーが指定されていません\n"
++#: src/config/SSSDConfig/sssdoptions.py:97
++msgid "Path to certificate database with PKCS#11 modules."
++msgstr "PKCS#11 モジュールでの証明書データベースへのパス。"
+
+-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
+-msgid "Error looking up public keys\n"
+-msgstr "公開鍵の検索中にエラーが発生しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:98
++msgid "How many seconds will pam_sss wait for p11_child to finish"
++msgstr "p11_child が完了するまでに pam_sss が待つ秒数"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
+-msgid "The port to use to connect to the host"
+-msgstr "ホストへの接続に使用するポート"
++#: src/config/SSSDConfig/sssdoptions.py:99
++msgid "Which PAM services are permitted to contact application domains"
++msgstr "アプリケーションドメインへの接続を許可される PAM サービスはどれか"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
+-msgid "Print the host ssh public keys"
+-msgstr "ホスト SSH 公開鍵を印刷"
++#: src/config/SSSDConfig/sssdoptions.py:100
++msgid "Allowed services for using smartcards"
++msgstr "スマートカードの使用が許可されたサービス"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
+-msgid "Invalid port\n"
+-msgstr "無効なポート\n"
++#: src/config/SSSDConfig/sssdoptions.py:101
++msgid "Additional timeout to wait for a card if requested"
++msgstr "要求された場合に、カードが待つ追加のタイムアウト"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
+-msgid "Host not specified\n"
+-msgstr "ホストが指定されていません\n"
++#: src/config/SSSDConfig/sssdoptions.py:102
++msgid ""
++"PKCS#11 URI to restrict the selection of devices for Smartcard "
++"authentication"
++msgstr "スマートカード認証向けのデバイスの選択を PKCS#11 URI が制限"
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
+-msgid "The path to the proxy command must be absolute\n"
+-msgstr "プロキシコマンドへのパスは絶対パスにする必要があります\n"
++#: src/config/SSSDConfig/sssdoptions.py:103
++msgid "When shall the PAM responder force an initgroups request"
++msgstr ""
+
+-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
+-#, c-format
+-msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
+-msgstr "sss_ssh_knownhostsproxy: ホスト名 %s を解決できませんでした\n"
++#: src/config/SSSDConfig/sssdoptions.py:106
++msgid "Whether to evaluate the time-based attributes in sudo rules"
++msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
+
+-#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
+-msgid "The UID of the user"
+-msgstr "ユーザーの UID"
++#: src/config/SSSDConfig/sssdoptions.py:107
++msgid "If true, SSSD will switch back to lower-wins ordering logic"
++msgstr "正しい場合、SSSD は小さい番号が優先される順位付けのロジックへ戻ります"
+
+-#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
+-msgid "The comment string"
+-msgstr "コメント文字列"
++#: src/config/SSSDConfig/sssdoptions.py:108
++msgid ""
++"Maximum number of rules that can be refreshed at once. If this is exceeded, "
++"full refresh is performed."
++msgstr "一度にリフレッシュ可能なルールの最大数。最大数を超えると、フルリフレッシュが実行されます。"
+
+-#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
+-msgid "Home directory"
+-msgstr "ホームディレクトリー"
++#: src/config/SSSDConfig/sssdoptions.py:115
++msgid "Whether to hash host names and addresses in the known_hosts file"
++msgstr "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか"
+
+-#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
+-msgid "Login shell"
+-msgstr "ログインシェル"
++#: src/config/SSSDConfig/sssdoptions.py:116
++msgid ""
++"How many seconds to keep a host in the known_hosts file after its host keys "
++"were requested"
++msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数"
+
+-#: src/tools/sss_useradd.c:53
+-msgid "Groups"
+-msgstr "グループ"
++#: src/config/SSSDConfig/sssdoptions.py:118
++msgid "Path to storage of trusted CA certificates"
++msgstr "信頼された CA 証明書のストレージへのパス"
+
+-#: src/tools/sss_useradd.c:54
+-msgid "Create user's directory if it does not exist"
+-msgstr "ユーザーのディレクトリーが存在しなければ作成する"
++#: src/config/SSSDConfig/sssdoptions.py:119
++msgid "Allow to generate ssh-keys from certificates"
++msgstr "証明書からの ssh-key の生成を許可します"
+
+-#: src/tools/sss_useradd.c:55
+-msgid "Never create user's directory, overrides config"
+-msgstr "ユーザーのディレクトリーを作成しない、設定を上書きする"
++#: src/config/SSSDConfig/sssdoptions.py:120
++msgid ""
++"Use the following matching rules to filter the certificates for ssh-key "
++"generation"
++msgstr "以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングします"
+
+-#: src/tools/sss_useradd.c:56
+-msgid "Specify an alternative skeleton directory"
+-msgstr "代替のスケルトンディレクトリーを指定する"
++#: src/config/SSSDConfig/sssdoptions.py:124
++msgid "List of UIDs or user names allowed to access the PAC responder"
++msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
+
+-#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
+-msgid "The SELinux user for user's login"
+-msgstr "ユーザーのログインに対する SELinux ユーザー"
++#: src/config/SSSDConfig/sssdoptions.py:125
++msgid "How long the PAC data is considered valid"
++msgstr "PAC データが有効とされる期間"
+
+-#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+-#: src/tools/sss_usermod.c:92
+-msgid "Specify group to add to\n"
+-msgstr "追加するグループを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:128
++msgid "List of user attributes the InfoPipe is allowed to publish"
++msgstr "InfoPipe がパブリッシュを許可されたユーザー属性の一覧"
+
+-#: src/tools/sss_useradd.c:111
+-msgid "Specify user to add\n"
+-msgstr "追加するユーザーを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:131
++msgid "The provider where the secrets will be stored in"
++msgstr "シークレットが保存されるプロバイダー"
+
+-#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
+-#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
+-#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
+-#: src/tools/sss_usermod.c:162
+-msgid "Error initializing the tools - no local domain\n"
+-msgstr ""
+-"ツールを初期化中にエラーが発生しました - ローカルドメインがありません\n"
++#: src/config/SSSDConfig/sssdoptions.py:132
++msgid "The maximum allowed number of nested containers"
++msgstr "ネストされたコンテナーの最大許可数"
+
+-#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+-#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+-#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
+-#: src/tools/sss_usermod.c:164
+-msgid "Error initializing the tools\n"
+-msgstr "ツールを初期化中にエラーが発生しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:133
++msgid "The maximum number of secrets that can be stored"
++msgstr "保存可能なシークレットの最大数"
+
+-#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+-#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+-#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
+-#: src/tools/sss_usermod.c:173
+-msgid "Invalid domain specified in FQDN\n"
+-msgstr "FQDN で指定されたドメインが無効です\n"
++#: src/config/SSSDConfig/sssdoptions.py:134
++msgid "The maximum number of secrets that can be stored per UID"
++msgstr "UID ごとに保存可能なシークレットの最大数"
+
+-#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+-#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
+-#: src/tools/sss_usermod.c:226
+-msgid "Internal error while parsing parameters\n"
+-msgstr "パラメーターを解析中に内部エラーが発生しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:135
++msgid "The maximum payload size of a secret in kilobytes"
++msgstr "キロバイトでのシークレットの最大ペイロードサイズ"
+
+-#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
+-#: src/tools/sss_usermod.c:235
+-msgid "Groups must be in the same domain as user\n"
+-msgstr "グループがユーザーと同じドメインになければいけません\n"
++#: src/config/SSSDConfig/sssdoptions.py:137
++msgid "The URL Custodia server is listening on"
++msgstr "URL Custodia サーバーはリッスンしています"
+
+-#: src/tools/sss_useradd.c:159
+-#, c-format
+-msgid "Cannot find group %1$s in local domain\n"
+-msgstr "ローカルドメインにグループ %1$s を見つけられません\n"
++#: src/config/SSSDConfig/sssdoptions.py:138
++msgid "The method to use when authenticating to a Custodia server"
++msgstr "Custodia サーバーへの認証時に使用する方法"
+
+-#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
+-msgid "Cannot set default values\n"
+-msgstr "デフォルト値を設定できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:139
++msgid ""
++"The name of the headers that will be added into a HTTP request with the "
++"value defined in auth_header_value"
++msgstr "auth_header_value で値が定義され、HTTP リクエストに追加されるヘッダーの名前"
+
+-#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
+-msgid "The selected UID is outside the allowed range\n"
+-msgstr "選択された UID は許容される範囲を越えています\n"
++#: src/config/SSSDConfig/sssdoptions.py:141
++msgid "The value sssd-secrets would use for auth_header_name"
++msgstr "sssd-secrets の値は、auth_header_name で使用します"
+
+-#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
+-msgid "Cannot set SELinux login context\n"
+-msgstr "SELinux ログインコンテキストを設定できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:142
++msgid ""
++"The list of the headers to forward to the Custodia server together with the "
++"request"
++msgstr "要求と共に Custodia サーバーへ転送するヘッダーの一覧"
+
+-#: src/tools/sss_useradd.c:224
+-msgid "Cannot get info about the user\n"
+-msgstr "ユーザーに関する情報を取得できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:143
++msgid ""
++"The username to use when authenticating to a Custodia server using "
++"basic_auth"
++msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するユーザー名"
+
+-#: src/tools/sss_useradd.c:236
+-msgid "User's home directory already exists, not copying data from skeldir\n"
+-msgstr ""
+-"ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーか"
+-"らデータをコピーしません\n"
++#: src/config/SSSDConfig/sssdoptions.py:144
++msgid ""
++"The password to use when authenticating to a Custodia server using "
++"basic_auth"
++msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するパスワード"
+
+-#: src/tools/sss_useradd.c:239
+-#, c-format
+-msgid "Cannot create user's home directory: %1$s\n"
+-msgstr "ユーザーのホームディレクトリーを作成できません: %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:145
++msgid ""
++"If true peer's certificate is verified if proxy_url uses https protocol"
++msgstr "proxy_url が https protocol を使用する場合に、正しいピアの証明書が検証されるかどうか"
+
+-#: src/tools/sss_useradd.c:250
+-#, c-format
+-msgid "Cannot create user's mail spool: %1$s\n"
+-msgstr "ユーザーのメールスプールを作成できません: %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:146
++msgid ""
++"If false peer's certificate may contain different hostname than proxy_url "
++"when https protocol is used"
++msgstr "https プロトコルが使用される場合に、間違ったピアの証明書が proxy_url 以外の異なるホスト名を含むかどうか"
+
+-#: src/tools/sss_useradd.c:270
+-msgid "Could not allocate ID for the user - domain full?\n"
+-msgstr "ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
++#: src/config/SSSDConfig/sssdoptions.py:148
++msgid "Path to directory where certificate authority certificates are stored"
++msgstr "CA 証明書が保存されているディレクトリーへのパス"
+
+-#: src/tools/sss_useradd.c:274
+-msgid "A user or group with the same name or ID already exists\n"
+-msgstr "同じ名前または ID を持つユーザーまたはグループがすでに存在します\n"
++#: src/config/SSSDConfig/sssdoptions.py:149
++msgid "Path to file containing server's CA certificate"
++msgstr "サーバーの CA 証明書を含むファイルへのパス"
+
+-#: src/tools/sss_useradd.c:280
+-msgid "Transaction error. Could not add user.\n"
+-msgstr "トランザクションエラー。ユーザーを追加できませんでした。\n"
++#: src/config/SSSDConfig/sssdoptions.py:150
++msgid "Path to file containing client's certificate"
++msgstr "クライアントの証明書を含むファイルへのパス"
+
+-#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
+-msgid "The GID of the group"
+-msgstr "グループの GID"
++#: src/config/SSSDConfig/sssdoptions.py:151
++msgid "Path to file containing client's private key"
++msgstr "クライアントの秘密鍵を含むファイルへのパス"
+
+-#: src/tools/sss_groupadd.c:76
+-msgid "Specify group to add\n"
+-msgstr "追加するグループを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:154
++msgid ""
++"One of the following strings specifying the scope of session recording: none "
++"- No users are recorded. some - Users/groups specified by users and groups "
++"options are recorded. all - All users are recorded."
++msgstr ""
+
+-#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
+-msgid "The selected GID is outside the allowed range\n"
+-msgstr "選択された GID は許容される範囲を越えています\n"
++#: src/config/SSSDConfig/sssdoptions.py:157
++msgid ""
++"A comma-separated list of users which should have session recording enabled. "
++"Matches user names as returned by NSS. I.e. after the possible space "
++"replacement, case changes, etc."
++msgstr ""
+
+-#: src/tools/sss_groupadd.c:143
+-msgid "Could not allocate ID for the group - domain full?\n"
+-msgstr "グループに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
++#: src/config/SSSDConfig/sssdoptions.py:159
++msgid ""
++"A comma-separated list of groups, members of which should have session "
++"recording enabled. Matches group names as returned by NSS. I.e. after the "
++"possible space replacement, case changes, etc."
++msgstr ""
+
+-#: src/tools/sss_groupadd.c:147
+-msgid "A group with the same name or GID already exists\n"
+-msgstr "同じ名前または GID を持つグループがすでに存在します\n"
++#: src/config/SSSDConfig/sssdoptions.py:164
++msgid "Identity provider"
++msgstr "アイデンティティープロバイダー"
+
+-#: src/tools/sss_groupadd.c:153
+-msgid "Transaction error. Could not add group.\n"
+-msgstr "トランザクションエラー。グループを追加できませんでした。\n"
++#: src/config/SSSDConfig/sssdoptions.py:165
++msgid "Authentication provider"
++msgstr "認証プロバイダー"
+
+-#: src/tools/sss_groupdel.c:70
+-msgid "Specify group to delete\n"
+-msgstr "削除するグループを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:166
++msgid "Access control provider"
++msgstr "アクセス制御プロバイダー"
+
+-#: src/tools/sss_groupdel.c:104
+-#, c-format
+-msgid "Group %1$s is outside the defined ID range for domain\n"
+-msgstr "グループ %1$s はドメインに対して定義された ID の範囲を越えています\n"
++#: src/config/SSSDConfig/sssdoptions.py:167
++msgid "Password change provider"
++msgstr "パスワード変更プロバイダー"
+
+-#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+-#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+-#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
+-#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
+-#, c-format
+-msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
++#: src/config/SSSDConfig/sssdoptions.py:168
++msgid "SUDO provider"
++msgstr "SUDO プロバイダー"
++
++#: src/config/SSSDConfig/sssdoptions.py:169
++msgid "Autofs provider"
++msgstr "Autofs プロバイダー"
++
++#: src/config/SSSDConfig/sssdoptions.py:170
++msgid "Host identity provider"
++msgstr "ホスト識別プロバイダー"
++
++#: src/config/SSSDConfig/sssdoptions.py:171
++msgid "SELinux provider"
++msgstr "SELinux プロバイダー"
++
++#: src/config/SSSDConfig/sssdoptions.py:172
++msgid "Session management provider"
++msgstr "セッションマネージャーのプロバイダー"
++
++#: src/config/SSSDConfig/sssdoptions.py:173
++msgid "Resolver provider"
+ msgstr ""
+-"NSS リクエストに失敗しました (%1$d)。項目はメモリーキャッシュに残されます。\n"
+
+-#: src/tools/sss_groupdel.c:132
++#: src/config/SSSDConfig/sssdoptions.py:176
++msgid "Whether the domain is usable by the OS or by applications"
++msgstr "OS またはアプリケーションがドメインを使用できるかどうか"
++
++#: src/config/SSSDConfig/sssdoptions.py:177
++msgid "Minimum user ID"
++msgstr "最小ユーザー ID"
++
++#: src/config/SSSDConfig/sssdoptions.py:178
++msgid "Maximum user ID"
++msgstr "最大ユーザー ID"
++
++#: src/config/SSSDConfig/sssdoptions.py:179
++msgid "Enable enumerating all users/groups"
++msgstr "すべてのユーザー・グループの列挙を有効にする"
++
++#: src/config/SSSDConfig/sssdoptions.py:180
++msgid "Cache credentials for offline login"
++msgstr "オフラインログインのためにクレデンシャルをキャッシュする"
++
++#: src/config/SSSDConfig/sssdoptions.py:181
++msgid "Display users/groups in fully-qualified form"
++msgstr "ユーザー・グループを完全修飾形式で表示する"
++
++#: src/config/SSSDConfig/sssdoptions.py:182
++msgid "Don't include group members in group lookups"
++msgstr "グループ検索にグループメンバーを含めない"
++
++#: src/config/SSSDConfig/sssdoptions.py:183
++#: src/config/SSSDConfig/sssdoptions.py:193
++#: src/config/SSSDConfig/sssdoptions.py:194
++#: src/config/SSSDConfig/sssdoptions.py:195
++#: src/config/SSSDConfig/sssdoptions.py:196
++#: src/config/SSSDConfig/sssdoptions.py:197
++#: src/config/SSSDConfig/sssdoptions.py:198
++#: src/config/SSSDConfig/sssdoptions.py:199
++msgid "Entry cache timeout length (seconds)"
++msgstr "エントリーキャッシュのタイムアウト長(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:184
+ msgid ""
+-"No such group in local domain. Removing groups only allowed in local "
+-"domain.\n"
+-msgstr ""
+-"そのようなグループはローカルドメインにありません。グループの削除はローカルド"
+-"メインにおいてのみ許可されます。\n"
++"Restrict or prefer a specific address family when performing DNS lookups"
++msgstr "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します"
+
+-#: src/tools/sss_groupdel.c:137
+-msgid "Internal error. Could not remove group.\n"
+-msgstr "内部エラー。グループを削除できませんでした。\n"
++#: src/config/SSSDConfig/sssdoptions.py:185
++msgid "How long to keep cached entries after last successful login (days)"
++msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
+
+-#: src/tools/sss_groupmod.c:44
+-msgid "Groups to add this group to"
+-msgstr "このグループに追加するグループ"
++#: src/config/SSSDConfig/sssdoptions.py:186
++msgid ""
++"How long should SSSD talk to single DNS server before trying next server "
++"(miliseconds)"
++msgstr "次のサーバーを試行するまでに SSSD が単一の DNS サーバーと通信する時間 (ミリ秒)"
+
+-#: src/tools/sss_groupmod.c:46
+-msgid "Groups to remove this group from"
+-msgstr "このグループから削除するグループ"
++#: src/config/SSSDConfig/sssdoptions.py:188
++msgid "How long should keep trying to resolve single DNS query (seconds)"
++msgstr "単一の DNS クエリーの解決を試行する時間 (秒)"
+
+-#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
+-msgid "Specify group to remove from\n"
+-msgstr "削除するグループを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:189
++msgid "How long to wait for replies from DNS when resolving servers (seconds)"
++msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)"
+
+-#: src/tools/sss_groupmod.c:101
+-msgid "Specify group to modify\n"
+-msgstr "変更するグループを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:190
++msgid "The domain part of service discovery DNS query"
++msgstr "サービス検索 DNS クエリーのドメイン部分"
+
+-#: src/tools/sss_groupmod.c:130
++#: src/config/SSSDConfig/sssdoptions.py:191
++msgid "Override GID value from the identity provider with this value"
++msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
++
++#: src/config/SSSDConfig/sssdoptions.py:192
++msgid "Treat usernames as case sensitive"
++msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
++
++#: src/config/SSSDConfig/sssdoptions.py:200
++msgid "How often should expired entries be refreshed in background"
++msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
++
++#: src/config/SSSDConfig/sssdoptions.py:201
++msgid "Whether to automatically update the client's DNS entry"
++msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
++
++#: src/config/SSSDConfig/sssdoptions.py:202
++#: src/config/SSSDConfig/sssdoptions.py:232
++msgid "The TTL to apply to the client's DNS entry after updating it"
++msgstr "クライアントの DNS 項目を更新後、適用する TTL"
++
++#: src/config/SSSDConfig/sssdoptions.py:203
++#: src/config/SSSDConfig/sssdoptions.py:233
++msgid "The interface whose IP should be used for dynamic DNS updates"
++msgstr "動的 DNS 更新のために使用される IP のインターフェース"
++
++#: src/config/SSSDConfig/sssdoptions.py:204
++msgid "How often to periodically update the client's DNS entry"
++msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか"
++
++#: src/config/SSSDConfig/sssdoptions.py:205
++msgid "Whether the provider should explicitly update the PTR record as well"
++msgstr "プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか"
++
++#: src/config/SSSDConfig/sssdoptions.py:206
++msgid "Whether the nsupdate utility should default to using TCP"
++msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか"
++
++#: src/config/SSSDConfig/sssdoptions.py:207
++msgid "What kind of authentication should be used to perform the DNS update"
++msgstr "DNS 更新を実行するために使用すべき認証の種類"
++
++#: src/config/SSSDConfig/sssdoptions.py:208
++msgid "Override the DNS server used to perform the DNS update"
++msgstr "DNS の更新を実行する際に使用する DNS サーバーを上書き"
++
++#: src/config/SSSDConfig/sssdoptions.py:209
++msgid "Control enumeration of trusted domains"
++msgstr "信頼されたドメインの列挙を制御"
++
++#: src/config/SSSDConfig/sssdoptions.py:210
++msgid "How often should subdomains list be refreshed"
++msgstr "サブドメインの一覧のリフレッシュ回数"
++
++#: src/config/SSSDConfig/sssdoptions.py:211
++msgid "List of options that should be inherited into a subdomain"
++msgstr "サブドメインに継承すべきオプションの一覧"
++
++#: src/config/SSSDConfig/sssdoptions.py:212
++msgid "Default subdomain homedir value"
++msgstr "デフォルトのサブドメインホームディレクトリーの値"
++
++#: src/config/SSSDConfig/sssdoptions.py:213
++msgid "How long can cached credentials be used for cached authentication"
++msgstr "証明書キャッシュを認証キャッシュに使用できる期間"
++
++#: src/config/SSSDConfig/sssdoptions.py:214
++msgid "Whether to automatically create private groups for users"
++msgstr "ユーザーにプライベートグループを自動的に作成するかどうか"
++
++#: src/config/SSSDConfig/sssdoptions.py:215
++msgid "Display a warning N days before the password expires."
++msgstr "Display a warning N days before the password expires."
++
++#: src/config/SSSDConfig/sssdoptions.py:216
+ msgid ""
+-"Cannot find group in local domain, modifying groups is allowed only in local "
+-"domain\n"
++"Various tags stored by the realmd configuration service for this domain."
+ msgstr ""
+-"ローカルドメインにグループが見つかりませんでした。グループの変更はローカルド"
+-"メインにおいてのみ許可されます\n"
+-
+-#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
+-msgid "Member groups must be in the same domain as parent group\n"
+-msgstr "メンバーグループが親グループと同じドメインにある必要があります\n"
+
+-#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+-#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:217
+ msgid ""
+-"Cannot find group %1$s in local domain, only groups in local domain are "
+-"allowed\n"
++"The provider which should handle fetching of subdomains. This value should "
++"be always the same as id_provider."
+ msgstr ""
+-"ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグ"
+-"ループのみが許可されます\n"
+
+-#: src/tools/sss_groupmod.c:257
+-msgid "Could not modify group - check if member group names are correct\n"
++#: src/config/SSSDConfig/sssdoptions.py:219
++msgid ""
++"How many seconds to keep a host ssh key after refresh. IE how long to cache "
++"the host key for."
+ msgstr ""
+-"グループを変更できませんでした - メンバーグループ名が正しいかを確認してくださ"
+-"い\n"
+
+-#: src/tools/sss_groupmod.c:261
+-msgid "Could not modify group - check if groupname is correct\n"
++#: src/config/SSSDConfig/sssdoptions.py:221
++msgid ""
++"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
++"this value determines the minimal length the first authentication factor "
++"(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
+-"グループを変更できませんでした - グループ名が正しいかを確認してください\n"
+
+-#: src/tools/sss_groupmod.c:265
+-msgid "Transaction error. Could not modify group.\n"
+-msgstr "トランザクションエラー。グループを変更できませんでした。\n"
++#: src/config/SSSDConfig/sssdoptions.py:227
++msgid "IPA domain"
++msgstr "IPA ドメイン"
+
+-#: src/tools/sss_groupshow.c:616
+-msgid "Magic Private "
+-msgstr "マジックプライベート "
++#: src/config/SSSDConfig/sssdoptions.py:228
++msgid "IPA server address"
++msgstr "IPA サーバーのアドレス"
+
+-#: src/tools/sss_groupshow.c:615
+-#, c-format
+-msgid "%1$s%2$sGroup: %3$s\n"
+-msgstr "%1$s%2$sGroup: %3$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:229
++msgid "Address of backup IPA server"
++msgstr "バックアップ IPA サーバーのアドレス"
+
+-#: src/tools/sss_groupshow.c:618
+-#, c-format
+-msgid "%1$sGID number: %2$d\n"
+-msgstr "%1$sGID 番号: %2$d\n"
++#: src/config/SSSDConfig/sssdoptions.py:230
++msgid "IPA client hostname"
++msgstr "IPA クライアントのホスト名"
+
+-#: src/tools/sss_groupshow.c:620
+-#, c-format
+-msgid "%1$sMember users: "
+-msgstr "%1$sMember ユーザー: "
++#: src/config/SSSDConfig/sssdoptions.py:231
++msgid "Whether to automatically update the client's DNS entry in FreeIPA"
++msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
+
+-#: src/tools/sss_groupshow.c:627
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:234
++msgid "Search base for HBAC related objects"
++msgstr "HBAC 関連オブジェクトの検索ベース"
++
++#: src/config/SSSDConfig/sssdoptions.py:235
+ msgid ""
+-"\n"
+-"%1$sIs a member of: "
+-msgstr ""
+-"\n"
+-"%1$sIs は次のメンバー: "
++"The amount of time between lookups of the HBAC rules against the IPA server"
++msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
+
+-#: src/tools/sss_groupshow.c:634
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:236
+ msgid ""
+-"\n"
+-"%1$sMember groups: "
+-msgstr ""
+-"\n"
+-"%1$sMember グループ: "
++"The amount of time in seconds between lookups of the SELinux maps against "
++"the IPA server"
++msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
+
+-#: src/tools/sss_groupshow.c:670
+-msgid "Print indirect group members recursively"
+-msgstr "間接グループメンバーを再帰的に表示する"
++#: src/config/SSSDConfig/sssdoptions.py:238
++msgid "If set to false, host argument given by PAM will be ignored"
++msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます"
+
+-#: src/tools/sss_groupshow.c:704
+-msgid "Specify group to show\n"
+-msgstr "表示するグループを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:239
++msgid "The automounter location this IPA client is using"
++msgstr "この IPA クライアントが使用している automounter の場所"
+
+-#: src/tools/sss_groupshow.c:744
+-msgid ""
+-"No such group in local domain. Printing groups only allowed in local "
+-"domain.\n"
+-msgstr ""
+-"そのようなグループはローカルドメインにありません。グループの表示はローカルド"
+-"メインにおいてのみ許可されます。\n"
++#: src/config/SSSDConfig/sssdoptions.py:240
++msgid "Search base for object containing info about IPA domain"
++msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース"
+
+-#: src/tools/sss_groupshow.c:749
+-msgid "Internal error. Could not print group.\n"
+-msgstr "内部エラー。グループを表示できませんでした。\n"
++#: src/config/SSSDConfig/sssdoptions.py:241
++msgid "Search base for objects containing info about ID ranges"
++msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース"
+
+-#: src/tools/sss_userdel.c:138
+-msgid "Remove home directory and mail spool"
+-msgstr "ホームディレクトリーとメールスプールを削除する"
++#: src/config/SSSDConfig/sssdoptions.py:242
++#: src/config/SSSDConfig/sssdoptions.py:296
++msgid "Enable DNS sites - location based service discovery"
++msgstr "DNS サイトの有効化 - 位置ベースのサービス検索"
+
+-#: src/tools/sss_userdel.c:140
+-msgid "Do not remove home directory and mail spool"
+-msgstr "ホームディレクトリーとメールスプールを削除しない"
++#: src/config/SSSDConfig/sssdoptions.py:243
++msgid "Search base for view containers"
++msgstr "ビューコンテナーの検索ベース"
+
+-#: src/tools/sss_userdel.c:142
+-msgid "Force removal of files not owned by the user"
+-msgstr "ユーザーにより所有されていないファイルの強制削除"
++#: src/config/SSSDConfig/sssdoptions.py:244
++msgid "Objectclass for view containers"
++msgstr "ビューコンテナーのオブジェクトクラス"
+
+-#: src/tools/sss_userdel.c:144
+-msgid "Kill users' processes before removing him"
+-msgstr "ユーザーを削除する前にそのユーザーのプロセスを強制停止する"
++#: src/config/SSSDConfig/sssdoptions.py:245
++msgid "Attribute with the name of the view"
++msgstr "ビューの名前の属性"
+
+-#: src/tools/sss_userdel.c:190
+-msgid "Specify user to delete\n"
+-msgstr "削除するユーザーを指定する\n"
++#: src/config/SSSDConfig/sssdoptions.py:246
++msgid "Objectclass for override objects"
++msgstr "上書きされたオブジェクトのオブジェクトクラス"
+
+-#: src/tools/sss_userdel.c:236
+-#, c-format
+-msgid "User %1$s is outside the defined ID range for domain\n"
+-msgstr "ユーザー %1$s はドメインに対して定義された ID の範囲を超えています\n"
++#: src/config/SSSDConfig/sssdoptions.py:247
++msgid "Attribute with the reference to the original object"
++msgstr "オリジナルオブジェクトを参照する属性"
+
+-#: src/tools/sss_userdel.c:261
+-msgid "Cannot reset SELinux login context\n"
+-msgstr "SELinux ログインコンテキストをリセットできません\n"
++#: src/config/SSSDConfig/sssdoptions.py:248
++msgid "Objectclass for user override objects"
++msgstr "ユーザーが上書きするオブジェクトのオブジェクトクラス"
+
+-#: src/tools/sss_userdel.c:273
+-#, c-format
+-msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
++#: src/config/SSSDConfig/sssdoptions.py:249
++msgid "Objectclass for group override objects"
++msgstr "グループが上書きするオブジェクトのオブジェクトクラス"
++
++#: src/config/SSSDConfig/sssdoptions.py:250
++msgid "Search base for Desktop Profile related objects"
++msgstr "デスクトッププロファイルに関連するオブジェクトの検索ベース"
++
++#: src/config/SSSDConfig/sssdoptions.py:251
++msgid ""
++"The amount of time in seconds between lookups of the Desktop Profile rules "
++"against the IPA server"
++msgstr "IPA サーバーに対するデスクトッププロファイルルールを検索している間の秒単位の合計時間"
++
++#: src/config/SSSDConfig/sssdoptions.py:253
++msgid ""
++"The amount of time in minutes between lookups of Desktop Profiles rules "
++"against the IPA server when the last request did not find any rule"
++msgstr "最後の要求がルールを何も見つけなかった場合の IPA サーバーに対するデスクトッププロファイルル ールを検索している間の分単位の合計時間"
++
++#: src/config/SSSDConfig/sssdoptions.py:256
++msgid "The LDAP attribute that contains FQDN of the host."
+ msgstr ""
+-"警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n"
+
+-#: src/tools/sss_userdel.c:278
+-msgid "Cannot determine if the user was logged in on this platform"
++#: src/config/SSSDConfig/sssdoptions.py:257
++#: src/config/SSSDConfig/sssdoptions.py:280
++msgid "The object class of a host entry in LDAP."
+ msgstr ""
+-"ユーザーがこのプラットフォームにログインしていたかを確認できませんでした"
+
+-#: src/tools/sss_userdel.c:283
+-msgid "Error while checking if the user was logged in\n"
+-msgstr "ユーザーがログインしていたかを確認中にエラーが発生しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:258
++msgid "Use the given string as search base for host objects."
++msgstr ""
+
+-#: src/tools/sss_userdel.c:290
+-#, c-format
+-msgid "The post-delete command failed: %1$s\n"
+-msgstr "削除後コマンドの実行に失敗しました: %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:259
++msgid "The LDAP attribute that contains the host's SSH public keys."
++msgstr ""
+
+-#: src/tools/sss_userdel.c:310
+-msgid "Not removing home dir - not owned by user\n"
++#: src/config/SSSDConfig/sssdoptions.py:260
++msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+ msgstr ""
+-"ホームディレクトリーを削除していません - ユーザーにより所有されていません\n"
+
+-#: src/tools/sss_userdel.c:312
+-#, c-format
+-msgid "Cannot remove homedir: %1$s\n"
+-msgstr "ホームディレクトリーを削除できません: %1$s\n"
++#: src/config/SSSDConfig/sssdoptions.py:261
++msgid "The LDAP attribute that contains the names of the netgroup's members."
++msgstr "The LDAP attribute that contains the names of the netgroup's members."
+
+-#: src/tools/sss_userdel.c:326
++#: src/config/SSSDConfig/sssdoptions.py:262
+ msgid ""
+-"No such user in local domain. Removing users only allowed in local domain.\n"
++"The LDAP attribute that lists FQDNs of hosts and host groups that are "
++"members of the netgroup."
+ msgstr ""
+-"そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメ"
+-"インにおいてのみ許可されます。\n"
+
+-#: src/tools/sss_userdel.c:331
+-msgid "Internal error. Could not remove user.\n"
+-msgstr "内部エラー。ユーザーを削除できませんでした。\n"
++#: src/config/SSSDConfig/sssdoptions.py:264
++msgid ""
++"The LDAP attribute that lists hosts and host groups that are direct members "
++"of the netgroup."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:49
+-msgid "The GID of the user"
+-msgstr "ユーザーの GID"
++#: src/config/SSSDConfig/sssdoptions.py:266
++msgid "The LDAP attribute that lists netgroup's memberships."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:53
+-msgid "Groups to add this user to"
+-msgstr "このユーザーを追加するグループ"
++#: src/config/SSSDConfig/sssdoptions.py:267
++msgid ""
++"The LDAP attribute that lists system users and groups that are direct "
++"members of the netgroup."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:54
+-msgid "Groups to remove this user from"
+-msgstr "このユーザーを削除するグループ"
++#: src/config/SSSDConfig/sssdoptions.py:269
++msgid "The LDAP attribute that corresponds to the netgroup name."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:55
+-msgid "Lock the account"
+-msgstr "アカウントをロックする"
++#: src/config/SSSDConfig/sssdoptions.py:270
++msgid "The object class of a netgroup entry in LDAP."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:56
+-msgid "Unlock the account"
+-msgstr "アカウントをロック解除する"
++#: src/config/SSSDConfig/sssdoptions.py:271
++msgid ""
++"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:57
+-msgid "Add an attribute/value pair. The format is attrname=value."
+-msgstr "属性/値のペアを追加します。フォーマットは attrname=value です。"
++#: src/config/SSSDConfig/sssdoptions.py:272
++msgid ""
++"The LDAP attribute that contains whether or not is user map enabled for "
++"usage."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:58
+-msgid "Delete an attribute/value pair. The format is attrname=value."
+-msgstr "属性/値のペアを削除します。フォーマットは attrname=value です。"
++#: src/config/SSSDConfig/sssdoptions.py:274
++msgid "The LDAP attribute that contains host category such as 'all'."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:59
++#: src/config/SSSDConfig/sssdoptions.py:275
+ msgid ""
+-"Set an attribute to a name/value pair. The format is attrname=value. For "
+-"multi-valued attributes, the command replaces the values already present"
++"The LDAP attribute that contains all hosts / hostgroups this rule match "
++"against."
+ msgstr ""
+-"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属"
+-"性の場合、コマンドがすでに存在する値に置き換えられます。"
+
+-#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+-#: src/tools/sss_usermod.c:135
+-msgid "Specify the attribute name/value pair(s)\n"
+-msgstr "属性の名前/値のペアを指定します\n"
++#: src/config/SSSDConfig/sssdoptions.py:277
++msgid ""
++"The LDAP attribute that contains all users / groups this rule match against."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:152
+-msgid "Specify user to modify\n"
+-msgstr "変更するユーザーを指定してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:279
++msgid "The LDAP attribute that contains the name of SELinux usermap."
++msgstr ""
+
+-#: src/tools/sss_usermod.c:180
++#: src/config/SSSDConfig/sssdoptions.py:281
+ msgid ""
+-"Cannot find user in local domain, modifying users is allowed only in local "
+-"domain\n"
++"The LDAP attribute that contains DN of HBAC rule which can be used for "
++"matching instead of memberUser and memberHost."
+ msgstr ""
+-"ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメイ"
+-"ンにおいてのみ許可されます。\n"
+
+-#: src/tools/sss_usermod.c:322
+-msgid "Could not modify user - check if group names are correct\n"
++#: src/config/SSSDConfig/sssdoptions.py:283
++msgid "The LDAP attribute that contains SELinux user string itself."
+ msgstr ""
+-"ユーザーを変更できませんでした - グループ名が正しいかを確認してください\n"
+
+-#: src/tools/sss_usermod.c:326
+-msgid "Could not modify user - user already member of groups?\n"
++#: src/config/SSSDConfig/sssdoptions.py:284
++msgid "The LDAP attribute that contains user category such as 'all'."
+ msgstr ""
+-"ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか?\n"
+-
+-#: src/tools/sss_usermod.c:330
+-msgid "Transaction error. Could not modify user.\n"
+-msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
+
+-#: src/tools/sss_cache.c:245
+-msgid "No cache object matched the specified search\n"
+-msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n"
++#: src/config/SSSDConfig/sssdoptions.py:285
++msgid "The LDAP attribute that contains unique ID of the user map."
++msgstr ""
+
+-#: src/tools/sss_cache.c:536
+-#, c-format
+-msgid "Couldn't invalidate %1$s\n"
+-msgstr "%1$s を無効化できませんでした\n"
++#: src/config/SSSDConfig/sssdoptions.py:286
++msgid ""
++"The option denotes that the SSSD is running on IPA server and should perform "
++"lookups of users and groups from trusted domains differently."
++msgstr ""
+
+-#: src/tools/sss_cache.c:543
+-#, c-format
+-msgid "Couldn't invalidate %1$s %2$s\n"
+-msgstr "%1$s %2$s を無効化できませんでした\n"
++#: src/config/SSSDConfig/sssdoptions.py:288
++msgid "Use the given string as search base for trusted domains."
++msgstr ""
+
+-#: src/tools/sss_cache.c:721
+-msgid "Invalidate all cached entries"
+-msgstr "すべてのキャッシュエントリーを無効化します"
++#: src/config/SSSDConfig/sssdoptions.py:291
++msgid "Active Directory domain"
++msgstr "Active Directory ドメイン"
+
+-#: src/tools/sss_cache.c:723
+-msgid "Invalidate particular user"
+-msgstr "特定のユーザーを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:292
++msgid "Enabled Active Directory domains"
++msgstr "有効化された Active Directory ドメイン"
+
+-#: src/tools/sss_cache.c:725
+-msgid "Invalidate all users"
+-msgstr "すべてのユーザーを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:293
++msgid "Active Directory server address"
++msgstr "Active Directory サーバーアドレス"
+
+-#: src/tools/sss_cache.c:727
+-msgid "Invalidate particular group"
+-msgstr "特定のグループを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:294
++msgid "Active Directory backup server address"
++msgstr "Active Directory バックアップサーバーのアドレス"
+
+-#: src/tools/sss_cache.c:729
+-msgid "Invalidate all groups"
+-msgstr "すべてのグループを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:295
++msgid "Active Directory client hostname"
++msgstr "Active Directory クライアントホスト名"
+
+-#: src/tools/sss_cache.c:731
+-msgid "Invalidate particular netgroup"
+-msgstr "特定のネットワークグループを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:297
++#: src/config/SSSDConfig/sssdoptions.py:488
++msgid "LDAP filter to determine access privileges"
++msgstr "アクセス権限を決めるための LDAP フィルター"
+
+-#: src/tools/sss_cache.c:733
+-msgid "Invalidate all netgroups"
+-msgstr "すべてのネットワークグループを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:298
++msgid "Whether to use the Global Catalog for lookups"
++msgstr "検索にグローバルカタログを使用するかどうか"
+
+-#: src/tools/sss_cache.c:735
+-msgid "Invalidate particular service"
+-msgstr "特定のサービスの無効化"
++#: src/config/SSSDConfig/sssdoptions.py:299
++msgid "Operation mode for GPO-based access control"
++msgstr "グローバルカタログベースのアクセス制御に対するオペレーションモード"
+
+-#: src/tools/sss_cache.c:737
+-msgid "Invalidate all services"
+-msgstr "すべてのサービスの無効化"
++#: src/config/SSSDConfig/sssdoptions.py:300
++msgid ""
++"The amount of time between lookups of the GPO policy files against the AD "
++"server"
++msgstr "AD サーバーに対する GPO ポリシーファイルを検索している間の合計時間"
+
+-#: src/tools/sss_cache.c:740
+-msgid "Invalidate particular autofs map"
+-msgstr "特定の autofs マップの無効化"
++#: src/config/SSSDConfig/sssdoptions.py:301
++msgid ""
++"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
++"settings"
++msgstr "GPO (Deny)InteractiveLogonRight のポリシー設定にマッピングした PAM サービス名"
+
+-#: src/tools/sss_cache.c:742
+-msgid "Invalidate all autofs maps"
+-msgstr "すべての autofs マップの無効化"
++#: src/config/SSSDConfig/sssdoptions.py:303
++msgid ""
++"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
++"policy settings"
++msgstr "GPO (Deny)RemoteInteractiveLogonRight のポリシー設定にマッピングした PAM サービス名"
+
+-#: src/tools/sss_cache.c:746
+-msgid "Invalidate particular SSH host"
+-msgstr "特定の SSH ホストを無効化します"
++#: src/config/SSSDConfig/sssdoptions.py:305
++msgid ""
++"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
++"settings"
++msgstr "GPO (Deny)NetworkLogonRight のポリシー設定にマッピングした PAM サービス名"
+
+-#: src/tools/sss_cache.c:748
+-msgid "Invalidate all SSH hosts"
+-msgstr "すべての SSH ホストを無効化します"
++#: src/config/SSSDConfig/sssdoptions.py:306
++msgid ""
++"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
++msgstr "GPO (Deny)BatchLogonRight のポリシー設定にマッピングした PAM サービス名"
+
+-#: src/tools/sss_cache.c:752
+-msgid "Invalidate particular sudo rule"
+-msgstr "特定の sudo ルールを無効化します"
++#: src/config/SSSDConfig/sssdoptions.py:307
++msgid ""
++"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
++"settings"
++msgstr "(Deny)ServiceLogonRight のポリシー設定にマッピングした PAM サービス名"
+
+-#: src/tools/sss_cache.c:754
+-msgid "Invalidate all cached sudo rules"
+-msgstr "すべてのキャッシュ sudo ルールを無効化します"
++#: src/config/SSSDConfig/sssdoptions.py:308
++msgid "PAM service names for which GPO-based access is always granted"
++msgstr "GPO ベースのアクセスが常に許可される PAM サービス名"
+
+-#: src/tools/sss_cache.c:757
+-msgid "Only invalidate entries from a particular domain"
+-msgstr "特定のドメインのみからエントリーを無効にする"
++#: src/config/SSSDConfig/sssdoptions.py:309
++msgid "PAM service names for which GPO-based access is always denied"
++msgstr "GPO ベースのアクセスが常に拒否される PAM サービス名"
+
+-#: src/tools/sss_cache.c:811
++#: src/config/SSSDConfig/sssdoptions.py:310
+ msgid ""
+-"Unexpected argument(s) provided, options that invalidate a single object "
+-"only accept a single provided argument.\n"
+-msgstr ""
+-"予期しない引数が提供される場合、1 つのオブジェクトを無効化するオプションは、"
+-"提供された引数を 1 つだけ受け取ります。\n"
++"Default logon right (or permit/deny) to use for unmapped PAM service names"
++msgstr "マッピングされていない PAM サービス名に使用するデフォルトのログオン権利 (または許可/拒否)"
+
+-#: src/tools/sss_cache.c:821
+-msgid "Please select at least one object to invalidate\n"
+-msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n"
++#: src/config/SSSDConfig/sssdoptions.py:311
++msgid "a particular site to be used by the client"
++msgstr "クライアントが使用する特定のサイト"
+
+-#: src/tools/sss_cache.c:904
+-#, c-format
++#: src/config/SSSDConfig/sssdoptions.py:312
+ msgid ""
+-"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
+-"use fully qualified name instead of --domain/-d parameter.\n"
+-msgstr ""
+-"ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) "
+-"であれば、--domain/-d パラメーターの代わりに完全修飾名を使用してください。\n"
++"Maximum age in days before the machine account password should be renewed"
++msgstr "マシンアカウントのパスワードの更新が必要となるまでの最大日数"
+
+-#: src/tools/sss_cache.c:909
+-msgid "Could not open available domains\n"
+-msgstr "利用可能なドメインを開けませんでした\n"
++#: src/config/SSSDConfig/sssdoptions.py:314
++msgid "Option for tuning the machine account renewal task"
++msgstr "マシンアカウントの更新タスクをチューニングするオプション"
+
+-#: src/tools/tools_util.c:202
+-#, c-format
+-msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
++#: src/config/SSSDConfig/sssdoptions.py:315
++msgid "Whether to update the machine account password in the Samba database"
+ msgstr ""
+-"名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n"
+
+-#: src/tools/tools_util.c:309
+-msgid "Out of memory\n"
+-msgstr "メモリー不足\n"
++#: src/config/SSSDConfig/sssdoptions.py:317
++msgid "Use LDAPS port for LDAP and Global Catalog requests"
++msgstr "LDAP およびグローバルカタログのリクエストに LDAPS ポートを使用する"
+
+-#: src/tools/tools_util.h:40
+-#, c-format
+-msgid "%1$s must be run as root\n"
+-msgstr "%1$s は root として実行する必要があります\n"
++#: src/config/SSSDConfig/sssdoptions.py:320
++#: src/config/SSSDConfig/sssdoptions.py:321
++msgid "Kerberos server address"
++msgstr "Kerberos サーバーのアドレス"
+
+-#: src/tools/sssctl/sssctl.c:35
+-msgid "yes"
+-msgstr "はい"
++#: src/config/SSSDConfig/sssdoptions.py:322
++msgid "Kerberos backup server address"
++msgstr "Kerberos バックアップサーバーのアドレス"
+
+-#: src/tools/sssctl/sssctl.c:37
+-msgid "no"
+-msgstr "いいえ"
++#: src/config/SSSDConfig/sssdoptions.py:323
++msgid "Kerberos realm"
++msgstr "Kerberos レルム"
+
+-#: src/tools/sssctl/sssctl.c:39
+-msgid "error"
+-msgstr "エラー"
++#: src/config/SSSDConfig/sssdoptions.py:324
++msgid "Authentication timeout"
++msgstr "認証のタイムアウト"
+
+-#: src/tools/sssctl/sssctl.c:42
+-msgid "Invalid result."
+-msgstr "無効な結果。"
++#: src/config/SSSDConfig/sssdoptions.py:325
++msgid "Whether to create kdcinfo files"
++msgstr "kdcinfo ファイルを作成するかどうか"
+
+-#: src/tools/sssctl/sssctl.c:78
+-msgid "Unable to read user input\n"
+-msgstr "ユーザーインプットの読み込みができませんでした\n"
++#: src/config/SSSDConfig/sssdoptions.py:326
++msgid "Where to drop krb5 config snippets"
++msgstr "krb5 設定スニペットを削除する場所"
+
+-#: src/tools/sssctl/sssctl.c:91
+-#, c-format
+-msgid "Invalid input, please provide either '%s' or '%s'.\n"
+-msgstr ""
+-"無効なインプットです。'%s' または '%s' のいずれかを提供してください。\n"
++#: src/config/SSSDConfig/sssdoptions.py:329
++msgid "Directory to store credential caches"
++msgstr "クレデンシャルのキャッシュを保存するディレクトリー"
+
+-#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
+-msgid "Error while executing external command\n"
+-msgstr "外部のコマンドを実行中にエラーが発生しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:330
++msgid "Location of the user's credential cache"
++msgstr "ユーザーのクレデンシャルキャッシュの位置"
+
+-#: src/tools/sssctl/sssctl.c:156
+-msgid "SSSD needs to be running. Start SSSD now?"
+-msgstr "SSSD を実行する必要があります。SSSD をすぐに実行しますか?"
++#: src/config/SSSDConfig/sssdoptions.py:331
++msgid "Location of the keytab to validate credentials"
++msgstr "クレデンシャルを検証するキーテーブルの場所"
+
+-#: src/tools/sssctl/sssctl.c:195
+-msgid "SSSD must not be running. Stop SSSD now?"
+-msgstr "SSSD を実行してはいけません。SSSD を今、停止しますか?"
++#: src/config/SSSDConfig/sssdoptions.py:332
++msgid "Enable credential validation"
++msgstr "クレデンシャルの検証を有効にする"
+
+-#: src/tools/sssctl/sssctl.c:231
+-msgid "SSSD needs to be restarted. Restart SSSD now?"
+-msgstr "SSSD は再起動が必要です。SSSD を今、再起動しますか?"
++#: src/config/SSSDConfig/sssdoptions.py:333
++msgid "Store password if offline for later online authentication"
++msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
+
+-#: src/tools/sssctl/sssctl_cache.c:31
+-#, c-format
+-msgid " %s is not present in cache.\n"
+-msgstr " %s はキャッシュにありません\n"
++#: src/config/SSSDConfig/sssdoptions.py:334
++msgid "Renewable lifetime of the TGT"
++msgstr "更新可能な TGT の有効期間"
+
+-#: src/tools/sssctl/sssctl_cache.c:33
+-msgid "Name"
+-msgstr "名前"
++#: src/config/SSSDConfig/sssdoptions.py:335
++msgid "Lifetime of the TGT"
++msgstr "TGT の有効期間"
+
+-#: src/tools/sssctl/sssctl_cache.c:34
+-msgid "Cache entry creation date"
+-msgstr "キャッシュエントリーの作成日"
++#: src/config/SSSDConfig/sssdoptions.py:336
++msgid "Time between two checks for renewal"
++msgstr "更新を確認する間隔"
+
+-#: src/tools/sssctl/sssctl_cache.c:35
+-msgid "Cache entry last update time"
+-msgstr "キャッシュエントリーが最後に更新された時間"
++#: src/config/SSSDConfig/sssdoptions.py:337
++msgid "Enables FAST"
++msgstr "FAST を有効にする"
+
+-#: src/tools/sssctl/sssctl_cache.c:36
+-msgid "Cache entry expiration time"
+-msgstr "キャッシュエントリーの期限切れ時間"
++#: src/config/SSSDConfig/sssdoptions.py:338
++msgid "Selects the principal to use for FAST"
++msgstr "FAST に使用するプリンシパルを選択する"
+
+-#: src/tools/sssctl/sssctl_cache.c:37
+-msgid "Cached in InfoPipe"
+-msgstr "InfoPipe にキャッシュ"
++#: src/config/SSSDConfig/sssdoptions.py:339
++msgid "Enables principal canonicalization"
++msgstr "プリンシパル正規化を有効にする"
+
+-#: src/tools/sssctl/sssctl_cache.c:522
+-#, c-format
+-msgid "Error: Unable to get object [%d]: %s\n"
+-msgstr "エラー: オブジェクト [%d] を取得できません: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:340
++msgid "Enables enterprise principals"
++msgstr "エンタープライズ・プリンシパルの有効化"
+
+-#: src/tools/sssctl/sssctl_cache.c:538
+-#, c-format
+-msgid "%s: Unable to read value [%d]: %s\n"
+-msgstr "%s: 値 [%d] の読み込みができません: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:341
++msgid "A mapping from user names to Kerberos principal names"
++msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング"
+
+-#: src/tools/sssctl/sssctl_cache.c:566
+-msgid "Specify name."
+-msgstr "名前を指定します。"
++#: src/config/SSSDConfig/sssdoptions.py:344
++#: src/config/SSSDConfig/sssdoptions.py:345
++msgid "Server where the change password service is running if not on the KDC"
++msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
+
+-#: src/tools/sssctl/sssctl_cache.c:576
+-#, c-format
+-msgid "Unable to parse name %s.\n"
+-msgstr "名前 %s を構文解析できません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:348
++msgid "ldap_uri, The URI of the LDAP server"
++msgstr "ldap_uri, LDAP サーバーの URI"
+
+-#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
+-msgid "Search by SID"
+-msgstr "SID で検索"
++#: src/config/SSSDConfig/sssdoptions.py:349
++msgid "ldap_backup_uri, The URI of the LDAP server"
++msgstr "ldap_backup_uri, LDAP サーバーの URI"
+
+-#: src/tools/sssctl/sssctl_cache.c:603
+-msgid "Search by user ID"
+-msgstr "ユーザーID で検索"
++#: src/config/SSSDConfig/sssdoptions.py:350
++msgid "The default base DN"
++msgstr "デフォルトのベース DN"
+
+-#: src/tools/sssctl/sssctl_cache.c:612
+-msgid "Initgroups expiration time"
+-msgstr "Initgroups の期限切れ時間"
++#: src/config/SSSDConfig/sssdoptions.py:351
++msgid "The Schema Type in use on the LDAP server, rfc2307"
++msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307"
+
+-#: src/tools/sssctl/sssctl_cache.c:650
+-msgid "Search by group ID"
+-msgstr "グループ ID で検索"
++#: src/config/SSSDConfig/sssdoptions.py:352
++msgid "Mode used to change user password"
++msgstr "ユーザーのパスワードの変更にモードを使用しました"
+
+-#: src/tools/sssctl/sssctl_config.c:70
+-#, c-format
+-msgid "Failed to open %s\n"
+-msgstr "%s を開くことに失敗しました\n"
++#: src/config/SSSDConfig/sssdoptions.py:353
++msgid "The default bind DN"
++msgstr "デフォルトのバインド DN"
+
+-#: src/tools/sssctl/sssctl_config.c:75
+-#, c-format
+-msgid "File %1$s does not exist.\n"
+-msgstr "ファイル %1$s は存在しません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:354
++msgid "The type of the authentication token of the default bind DN"
++msgstr "デフォルトのバインド DN の認証トークンの種類"
+
+-#: src/tools/sssctl/sssctl_config.c:79
+-msgid ""
+-"File ownership and permissions check failed. Expected root:root and 0600.\n"
+-msgstr ""
+-"ファイルの所有権とパーミッションの確認に失敗しました。予期される root:root お"
+-"よび 0600。\n"
++#: src/config/SSSDConfig/sssdoptions.py:355
++msgid "The authentication token of the default bind DN"
++msgstr "デフォルトのバインド DN の認証トークン"
+
+-#: src/tools/sssctl/sssctl_config.c:85
+-#, fuzzy, c-format
+-msgid "Failed to load configuration from %s.\n"
+-msgstr "%s からの設定のロードに失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:356
++msgid "Length of time to attempt connection"
++msgstr "接続を試行する時間"
+
+-#: src/tools/sssctl/sssctl_config.c:91
+-msgid "Error while reading configuration directory.\n"
+-msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:357
++msgid "Length of time to attempt synchronous LDAP operations"
++msgstr "LDAP 同期操作を試行する時間"
+
+-#: src/tools/sssctl/sssctl_config.c:99
+-msgid ""
+-"There is no configuration. SSSD will use default configuration with files "
+-"provider.\n"
+-msgstr ""
+-"設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用しま"
+-"す。\n"
++#: src/config/SSSDConfig/sssdoptions.py:358
++msgid "Length of time between attempts to reconnect while offline"
++msgstr "オフラインの間に再接続を試行する時間"
+
+-#: src/tools/sssctl/sssctl_config.c:111
+-msgid "Failed to run validators"
+-msgstr "バリデーターの実行に失敗しました"
++#: src/config/SSSDConfig/sssdoptions.py:359
++msgid "Use only the upper case for realm names"
++msgstr "レルム名に対して大文字のみを使用する"
+
+-#: src/tools/sssctl/sssctl_config.c:115
+-#, c-format
+-msgid "Issues identified by validators: %zu\n"
+-msgstr "バリデーターで特定された問題: %zu\n"
++#: src/config/SSSDConfig/sssdoptions.py:360
++msgid "File that contains CA certificates"
++msgstr "CA 証明書を含むファイル"
+
+-#: src/tools/sssctl/sssctl_config.c:126
+-#, c-format
+-msgid "Messages generated during configuration merging: %zu\n"
+-msgstr "設定のマージ中に生成されたメッセージ: %zu\n"
++#: src/config/SSSDConfig/sssdoptions.py:361
++msgid "Path to CA certificate directory"
++msgstr "CA 証明書のディレクトリーのパス"
+
+-#: src/tools/sssctl/sssctl_config.c:137
+-#, c-format
+-msgid "Used configuration snippet files: %zu\n"
+-msgstr "使用された設定スニペットファイル: %zu\n"
++#: src/config/SSSDConfig/sssdoptions.py:362
++msgid "File that contains the client certificate"
++msgstr "クライアント証明書を含むファイル"
+
+-#: src/tools/sssctl/sssctl_data.c:89
+-#, c-format
+-msgid "Unable to create backup directory [%d]: %s"
+-msgstr "バックアップディレクトリー [%d] を作成できません: %s"
++#: src/config/SSSDConfig/sssdoptions.py:363
++msgid "File that contains the client key"
++msgstr "クライアントの鍵を含むファイル"
+
+-#: src/tools/sssctl/sssctl_data.c:95
+-msgid "SSSD backup of local data already exists, override?"
+-msgstr ""
+-"ローカルデータの SSSD バックアップはすでに存在しますが、上書きしますか?"
++#: src/config/SSSDConfig/sssdoptions.py:364
++msgid "List of possible ciphers suites"
++msgstr "利用可能な暗号の一覧"
+
+-#: src/tools/sssctl/sssctl_data.c:111
+-msgid "Unable to export user overrides\n"
+-msgstr "ユーザーの上書きをエクスポートできません\n"
++#: src/config/SSSDConfig/sssdoptions.py:365
++msgid "Require TLS certificate verification"
++msgstr "TLS 証明書の検証を要求する"
+
+-#: src/tools/sssctl/sssctl_data.c:118
+-msgid "Unable to export group overrides\n"
+-msgstr "グループの上書きをエクスポートできません\n"
++#: src/config/SSSDConfig/sssdoptions.py:366
++msgid "Specify the sasl mechanism to use"
++msgstr "使用する SASL メカニズムを指定する"
+
+-#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
+-msgid "Override existing backup"
+-msgstr "既存のバックアップを上書き"
++#: src/config/SSSDConfig/sssdoptions.py:367
++msgid "Specify the sasl authorization id to use"
++msgstr "使用する SASL 認可 ID を指定する"
+
+-#: src/tools/sssctl/sssctl_data.c:164
+-msgid "Unable to import user overrides\n"
+-msgstr "ユーザーの上書きをインポートできません\n"
++#: src/config/SSSDConfig/sssdoptions.py:368
++msgid "Specify the sasl authorization realm to use"
++msgstr "使用する SASL 認可レルムを指定する"
+
+-#: src/tools/sssctl/sssctl_data.c:173
+-msgid "Unable to import group overrides\n"
+-msgstr "グループの上書きをインポートできません\n"
++#: src/config/SSSDConfig/sssdoptions.py:369
++msgid "Specify the minimal SSF for LDAP sasl authorization"
++msgstr "LDAP SASL 認可の最小 SSF を指定する"
+
+-#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
+-#: src/tools/sssctl/sssctl_domains.c:328
+-msgid "Start SSSD if it is not running"
+-msgstr "実行中でない場合、SSSD を開始します"
++#: src/config/SSSDConfig/sssdoptions.py:370
++msgid "Specify the maximal SSF for LDAP sasl authorization"
++msgstr "LDAP SASL 認可の最大 SSF を指定する"
+
+-#: src/tools/sssctl/sssctl_data.c:195
+-msgid "Restart SSSD after data import"
+-msgstr "データのインポートの後、SSSD を再起動します"
++#: src/config/SSSDConfig/sssdoptions.py:371
++msgid "Kerberos service keytab"
++msgstr "Kerberos サービスのキーテーブル"
+
+-#: src/tools/sssctl/sssctl_data.c:218
+-msgid "Create clean cache files and import local data"
+-msgstr "クリーンなキャッシュファイルを作成し、ローカルデータをインポートします"
++#: src/config/SSSDConfig/sssdoptions.py:372
++msgid "Use Kerberos auth for LDAP connection"
++msgstr "LDAP 接続に対して Kerberos 認証を使用する"
+
+-#: src/tools/sssctl/sssctl_data.c:219
+-msgid "Stop SSSD before removing the cache"
+-msgstr "キャッシュを削除する前に SSSD を停止します"
++#: src/config/SSSDConfig/sssdoptions.py:373
++msgid "Follow LDAP referrals"
++msgstr "LDAP リフェラルにしたがう"
+
+-#: src/tools/sssctl/sssctl_data.c:220
+-msgid "Start SSSD when the cache is removed"
+-msgstr "キャッシュの削除後に SSSD を開始します"
++#: src/config/SSSDConfig/sssdoptions.py:374
++msgid "Lifetime of TGT for LDAP connection"
++msgstr "LDAP 接続の TGT の有効期間"
+
+-#: src/tools/sssctl/sssctl_data.c:235
+-msgid "Creating backup of local data...\n"
+-msgstr "ローカルデータのバックアップを作成中...\n"
++#: src/config/SSSDConfig/sssdoptions.py:375
++msgid "How to dereference aliases"
++msgstr "エイリアスを参照解決する方法"
+
+-#: src/tools/sssctl/sssctl_data.c:238
+-msgid "Unable to create backup of local data, can not remove the cache.\n"
+-msgstr ""
+-"ローカルデータのバックアップの作成ができません。キャッシュを削除できませ"
+-"ん。\n"
++#: src/config/SSSDConfig/sssdoptions.py:376
++msgid "Service name for DNS service lookups"
++msgstr "DNS サービス検索のサービス名"
+
+-#: src/tools/sssctl/sssctl_data.c:243
+-msgid "Removing cache files...\n"
+-msgstr "キャッシュファイルの削除中...\n"
++#: src/config/SSSDConfig/sssdoptions.py:377
++msgid "The number of records to retrieve in a single LDAP query"
++msgstr "単一の LDAP クエリーにおいて取得するレコード数"
+
+-#: src/tools/sssctl/sssctl_data.c:246
+-msgid "Unable to remove cache files\n"
+-msgstr "キャッシュファイルを削除できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:378
++msgid "The number of members that must be missing to trigger a full deref"
++msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
+
+-#: src/tools/sssctl/sssctl_data.c:251
+-msgid "Restoring local data...\n"
+-msgstr "ローカルデータの復元中...\n"
++#: src/config/SSSDConfig/sssdoptions.py:379
++msgid ""
++"Whether the LDAP library should perform a reverse lookup to canonicalize the "
++"host name during a SASL bind"
++msgstr "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行するかどうか"
+
+-#: src/tools/sssctl/sssctl_domains.c:83
+-msgid "Show domain list including primary or trusted domain type"
++#: src/config/SSSDConfig/sssdoptions.py:381
++msgid ""
++"Allows to retain local users as members of an LDAP group for servers that "
++"use the RFC2307 schema."
+ msgstr ""
+-"プライマリーまたは信頼されたドメインタイプを含むドメインリストを表示します"
+
+-#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
+-#: src/tools/sssctl/sssctl_user_checks.c:95
+-msgid "Unable to connect to system bus!\n"
+-msgstr "システムバスに接続できません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:384
++msgid "entryUSN attribute"
++msgstr "entryUSN 属性"
+
+-#: src/tools/sssctl/sssctl_domains.c:167
+-msgid "Online"
+-msgstr "オンライン"
++#: src/config/SSSDConfig/sssdoptions.py:385
++msgid "lastUSN attribute"
++msgstr "lastUSN 属性"
+
+-#: src/tools/sssctl/sssctl_domains.c:167
+-msgid "Offline"
+-msgstr "オフライン"
++#: src/config/SSSDConfig/sssdoptions.py:387
++msgid ""
++"How long to retain a connection to the LDAP server before disconnecting"
++msgstr "LDAP サーバーを切断する前に接続を保持する時間"
+
+-#: src/tools/sssctl/sssctl_domains.c:167
+-#, c-format
+-msgid "Online status: %s\n"
+-msgstr "オンライン状態: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:390
++msgid "Disable the LDAP paging control"
++msgstr "LDAP ページング制御を無効化する"
+
+-#: src/tools/sssctl/sssctl_domains.c:213
+-msgid "This domain has no active servers.\n"
+-msgstr "このドメインには、アクティブなサーバーはありません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:391
++msgid "Disable Active Directory range retrieval"
++msgstr "Active Directory 範囲の取得の無効化"
+
+-#: src/tools/sssctl/sssctl_domains.c:218
+-msgid "Active servers:\n"
+-msgstr "アクティブサーバー:\n"
++#: src/config/SSSDConfig/sssdoptions.py:394
++msgid "Length of time to wait for a search request"
++msgstr "検索要求を待つ時間"
+
+-#: src/tools/sssctl/sssctl_domains.c:230
+-msgid "not connected"
+-msgstr "接続していません"
++#: src/config/SSSDConfig/sssdoptions.py:395
++msgid "Length of time to wait for a enumeration request"
++msgstr "列挙の要求を待つ時間"
+
+-#: src/tools/sssctl/sssctl_domains.c:267
+-msgid "No servers discovered.\n"
+-msgstr "サーバーが見つかりません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:396
++msgid "Length of time between enumeration updates"
++msgstr "列挙の更新間隔"
+
+-#: src/tools/sssctl/sssctl_domains.c:273
+-#, c-format
+-msgid "Discovered %s servers:\n"
+-msgstr "%s サーバーが見つかりました:\n"
++#: src/config/SSSDConfig/sssdoptions.py:397
++msgid "Length of time between cache cleanups"
++msgstr "キャッシュをクリーンアップする間隔"
+
+-#: src/tools/sssctl/sssctl_domains.c:285
+-msgid "None so far.\n"
+-msgstr "今のところありません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:398
++msgid "Require TLS for ID lookups"
++msgstr "ID 検索に TLS を要求する"
+
+-#: src/tools/sssctl/sssctl_domains.c:325
+-msgid "Show online status"
+-msgstr "オンライン状態を表示"
++#: src/config/SSSDConfig/sssdoptions.py:399
++msgid "Use ID-mapping of objectSID instead of pre-set IDs"
++msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
+
+-#: src/tools/sssctl/sssctl_domains.c:326
+-msgid "Show information about active server"
+-msgstr "アクティブサーバーに関する情報の表示"
++#: src/config/SSSDConfig/sssdoptions.py:400
++msgid "Base DN for user lookups"
++msgstr "ユーザー検索のベース DN"
+
+-#: src/tools/sssctl/sssctl_domains.c:327
+-msgid "Show list of discovered servers"
+-msgstr "見つかったサーバーに関する一覧を表示"
++#: src/config/SSSDConfig/sssdoptions.py:401
++msgid "Scope of user lookups"
++msgstr "ユーザー検索の範囲"
+
+-#: src/tools/sssctl/sssctl_domains.c:333
+-msgid "Specify domain name."
+-msgstr "ドメイン名を指定します。"
++#: src/config/SSSDConfig/sssdoptions.py:402
++msgid "Filter for user lookups"
++msgstr "ユーザー検索のフィルター"
+
+-#: src/tools/sssctl/sssctl_domains.c:355
+-msgid "Out of memory!\n"
+-msgstr "メモリーの空き容量がありません。\n"
++#: src/config/SSSDConfig/sssdoptions.py:403
++msgid "Objectclass for users"
++msgstr "ユーザーのオブジェクトクラス"
+
+-#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
+-msgid "Unable to get online status\n"
+-msgstr "オンライン状態を取得できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:404
++msgid "Username attribute"
++msgstr "ユーザー名の属性"
+
+-#: src/tools/sssctl/sssctl_domains.c:395
+-msgid "Unable to get server list\n"
+-msgstr "サーバー一覧を取得できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:405
++msgid "UID attribute"
++msgstr "UID の属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:46
+-msgid "\n"
+-msgstr "\n"
++#: src/config/SSSDConfig/sssdoptions.py:406
++msgid "Primary GID attribute"
++msgstr "プライマリー GID の属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:236
+-msgid "Delete log files instead of truncating"
+-msgstr "切り捨てる代わりにログファイルを削除します"
++#: src/config/SSSDConfig/sssdoptions.py:407
++msgid "GECOS attribute"
++msgstr "GECOS の属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:247
+-msgid "Deleting log files...\n"
+-msgstr "ログファイルを削除中...\n"
++#: src/config/SSSDConfig/sssdoptions.py:408
++msgid "Home directory attribute"
++msgstr "ホームディレクトリーの属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:250
+-msgid "Unable to remove log files\n"
+-msgstr "ログファイルを削除できません\n"
++#: src/config/SSSDConfig/sssdoptions.py:409
++msgid "Shell attribute"
++msgstr "シェルの属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:256
+-msgid "Truncating log files...\n"
+-msgstr "ログファイルを切り捨てます...\n"
++#: src/config/SSSDConfig/sssdoptions.py:410
++msgid "UUID attribute"
++msgstr "UUID 属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:259
+-msgid "Unable to truncate log files\n"
+-msgstr "ログファイルの切り捨てができません\n"
++#: src/config/SSSDConfig/sssdoptions.py:411
++#: src/config/SSSDConfig/sssdoptions.py:449
++msgid "objectSID attribute"
++msgstr "objectSID 属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:285
+-msgid "Out of memory!"
+-msgstr "メモリーの空き容量がありません。"
++#: src/config/SSSDConfig/sssdoptions.py:412
++msgid "Active Directory primary group attribute for ID-mapping"
++msgstr "ID マッピングの Active Directory プライマリーグループ属性"
+
+-#: src/tools/sssctl/sssctl_logs.c:288
+-#, c-format
+-msgid "Archiving log files into %s...\n"
+-msgstr "ログファイルを %s へアーカイブ中...\n"
++#: src/config/SSSDConfig/sssdoptions.py:413
++msgid "User principal attribute (for Kerberos)"
++msgstr "ユーザープリンシパルの属性(Kerberos 用)"
+
+-#: src/tools/sssctl/sssctl_logs.c:291
+-msgid "Unable to archive log files\n"
+-msgstr "ログファイルのアーカイブができません\n"
++#: src/config/SSSDConfig/sssdoptions.py:414
++msgid "Full Name"
++msgstr "氏名"
+
+-#: src/tools/sssctl/sssctl_logs.c:316
+-msgid "Specify debug level you want to set"
+-msgstr "設定したいデバッグレベルを指定します"
++#: src/config/SSSDConfig/sssdoptions.py:415
++msgid "memberOf attribute"
++msgstr "memberOf 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:117
+-msgid "SSSD InfoPipe user lookup result:\n"
+-msgstr "SSSD InfoPipe ユーザー検索の結果:\n"
++#: src/config/SSSDConfig/sssdoptions.py:416
++msgid "Modification time attribute"
++msgstr "変更日時の属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:167
+-#, c-format
+-msgid "dlopen failed with [%s].\n"
+-msgstr "dlopen は [%s] で失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:417
++msgid "shadowLastChange attribute"
++msgstr "shadowLastChange 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:174
+-#, c-format
+-msgid "dlsym failed with [%s].\n"
+-msgstr "dlsym は [%s] で失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:418
++msgid "shadowMin attribute"
++msgstr "shadowMin 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:182
+-msgid "malloc failed.\n"
+-msgstr "malloc は失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:419
++msgid "shadowMax attribute"
++msgstr "shadowMax 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:189
+-#, c-format
+-msgid "sss_getpwnam_r failed with [%d].\n"
+-msgstr "sss_getpwnam_r が [%d] で失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:420
++msgid "shadowWarning attribute"
++msgstr "shadowWarning 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:194
+-msgid "SSSD nss user lookup result:\n"
+-msgstr "SSSD nss ユーザー検索の結果:\n"
++#: src/config/SSSDConfig/sssdoptions.py:421
++msgid "shadowInactive attribute"
++msgstr "shadowInactive 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:195
+-#, c-format
+-msgid " - user name: %s\n"
+-msgstr " - user name: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:422
++msgid "shadowExpire attribute"
++msgstr "shadowExpire 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:196
+-#, c-format
+-msgid " - user id: %d\n"
+-msgstr " - user id: %d\n"
++#: src/config/SSSDConfig/sssdoptions.py:423
++msgid "shadowFlag attribute"
++msgstr "shadowFlag 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:197
+-#, c-format
+-msgid " - group id: %d\n"
+-msgstr " - group id: %d\n"
++#: src/config/SSSDConfig/sssdoptions.py:424
++msgid "Attribute listing authorized PAM services"
++msgstr "認可された PAM サービスを一覧化する属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:198
+-#, c-format
+-msgid " - gecos: %s\n"
+-msgstr " - gecos: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:425
++msgid "Attribute listing authorized server hosts"
++msgstr "認可されたサーバーホストを一覧化する属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:199
+-#, c-format
+-msgid " - home directory: %s\n"
+-msgstr " - home directory: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:426
++msgid "Attribute listing authorized server rhosts"
++msgstr "認可されたサーバー rhosts を一覧化する属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:200
+-#, c-format
+-msgid ""
+-" - shell: %s\n"
+-"\n"
+-msgstr ""
+-" - shell: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:427
++msgid "krbLastPwdChange attribute"
++msgstr "krbLastPwdChange 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:232
+-msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
+-msgstr "PAM アクション [auth|acct|setc|chau|open|clos]、デフォルト: "
++#: src/config/SSSDConfig/sssdoptions.py:428
++msgid "krbPasswordExpiration attribute"
++msgstr "krbPasswordExpiration 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:235
+-msgid "PAM service, default: "
+-msgstr "PAM サービス、デフォルト: "
++#: src/config/SSSDConfig/sssdoptions.py:429
++msgid "Attribute indicating that server side password policies are active"
++msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:240
+-msgid "Specify user name."
+-msgstr "ユーザー名を指定します。"
++#: src/config/SSSDConfig/sssdoptions.py:430
++msgid "accountExpires attribute of AD"
++msgstr "AD の accountExpires 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:247
+-#, c-format
+-msgid ""
+-"user: %s\n"
+-"action: %s\n"
+-"service: %s\n"
+-"\n"
+-msgstr ""
+-"ユーザー: %s\n"
+-"アクション: %s\n"
+-"サービス: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:431
++msgid "userAccountControl attribute of AD"
++msgstr "AD の userAccountControl 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:252
+-#, c-format
+-msgid "User name lookup with [%s] failed.\n"
+-msgstr "[%s] でのユーザー名の検索に失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:432
++msgid "nsAccountLock attribute"
++msgstr "nsAccountLock 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:257
+-#, c-format
+-msgid "InfoPipe User lookup with [%s] failed.\n"
+-msgstr "[%s] での InfoPipe ユーザーの検索に失敗しました。\n"
++#: src/config/SSSDConfig/sssdoptions.py:433
++msgid "loginDisabled attribute of NDS"
++msgstr "NDS の loginDisabled 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:263
+-#, c-format
+-msgid "pam_start failed: %s\n"
+-msgstr "pam_start に失敗しました: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:434
++msgid "loginExpirationTime attribute of NDS"
++msgstr "NDS の loginExpirationTime 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:268
+-msgid ""
+-"testing pam_authenticate\n"
+-"\n"
+-msgstr ""
+-"pam_authenticate のテスト中\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:435
++msgid "loginAllowedTimeMap attribute of NDS"
++msgstr "NDS の loginAllowedTimeMap 属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:272
+-#, c-format
+-msgid "pam_get_item failed: %s\n"
+-msgstr "pam_get_item に失敗しました: %s\n"
++#: src/config/SSSDConfig/sssdoptions.py:436
++msgid "SSH public key attribute"
++msgstr "SSH 公開鍵の属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:275
+-#, c-format
+-msgid ""
+-"pam_authenticate for user [%s]: %s\n"
+-"\n"
+-msgstr ""
+-"ユーザー [%s] 向けの pam_authenticate: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:437
++msgid "attribute listing allowed authentication types for a user"
++msgstr "ユーザー用に許可された認証タイプを一覧化する属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:278
+-msgid ""
+-"testing pam_chauthtok\n"
+-"\n"
+-msgstr ""
+-"pam_chauthtok のテスト中\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:438
++msgid "attribute containing the X509 certificate of the user"
++msgstr "ユーザーの X509 証明書を含む属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:280
+-#, c-format
+-msgid ""
+-"pam_chauthtok: %s\n"
+-"\n"
+-msgstr ""
+-"pam_chauthtok: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:439
++msgid "attribute containing the email address of the user"
++msgstr "ユーザーの電子メールアドレスを含む属性"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:282
+-msgid ""
+-"testing pam_acct_mgmt\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:440
++msgid "A list of extra attributes to download along with the user entry"
++msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧"
++
++#: src/config/SSSDConfig/sssdoptions.py:442
++msgid "Base DN for group lookups"
++msgstr "グループ検索のベース DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:443
++msgid "Objectclass for groups"
++msgstr "グループのオブジェクトクラス"
++
++#: src/config/SSSDConfig/sssdoptions.py:444
++msgid "Group name"
++msgstr "グループ名"
++
++#: src/config/SSSDConfig/sssdoptions.py:445
++msgid "Group password"
++msgstr "グループのパスワード"
++
++#: src/config/SSSDConfig/sssdoptions.py:446
++msgid "GID attribute"
++msgstr "GID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:447
++msgid "Group member attribute"
++msgstr "グループメンバー属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:448
++msgid "Group UUID attribute"
++msgstr "グループ UUID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:450
++msgid "Modification time attribute for groups"
++msgstr "グループの変更日時の属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:451
++msgid "Type of the group and other flags"
++msgstr "グループおよび他のフラグのタイプ"
++
++#: src/config/SSSDConfig/sssdoptions.py:452
++msgid "The LDAP group external member attribute"
++msgstr "LDAP グループの外部メンバーの属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:453
++msgid "Maximum nesting level SSSD will follow"
++msgstr "SSSD が従う最大ネストレベル"
++
++#: src/config/SSSDConfig/sssdoptions.py:454
++msgid "Filter for group lookups"
+ msgstr ""
+-"pam_acct_mgmt のテスト中\n"
+-"\n"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:284
+-#, c-format
+-msgid ""
+-"pam_acct_mgmt: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:455
++msgid "Scope of group lookups"
+ msgstr ""
+-"pam_acct_mgmt: %s\n"
+-"\n"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:286
+-msgid ""
+-"testing pam_setcred\n"
+-"\n"
+-msgstr ""
+-"pam_setcred のテスト中\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:457
++msgid "Base DN for netgroup lookups"
++msgstr "ネットグループ検索のベース DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:458
++msgid "Objectclass for netgroups"
++msgstr "ネットグループのオブジェクトクラス"
++
++#: src/config/SSSDConfig/sssdoptions.py:459
++msgid "Netgroup name"
++msgstr "ネットグループ名"
++
++#: src/config/SSSDConfig/sssdoptions.py:460
++msgid "Netgroups members attribute"
++msgstr "ネットグループメンバーの属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:461
++msgid "Netgroup triple attribute"
++msgstr "ネットグループの三つ組の属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:462
++msgid "Modification time attribute for netgroups"
++msgstr "ネットグループの変更日時の属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:464
++msgid "Base DN for service lookups"
++msgstr "サービス検索のベース DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:465
++msgid "Objectclass for services"
++msgstr "サービスのオブジェクトクラス"
++
++#: src/config/SSSDConfig/sssdoptions.py:466
++msgid "Service name attribute"
++msgstr "サービス名の属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:467
++msgid "Service port attribute"
++msgstr "サービスポートの属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:468
++msgid "Service protocol attribute"
++msgstr "サービスプロトコルの属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:470
++msgid "Lower bound for ID-mapping"
++msgstr "ID マッピングの下限"
++
++#: src/config/SSSDConfig/sssdoptions.py:471
++msgid "Upper bound for ID-mapping"
++msgstr "ID マッピングの上限"
++
++#: src/config/SSSDConfig/sssdoptions.py:472
++msgid "Number of IDs for each slice when ID-mapping"
++msgstr "ID マッピングするとき、各スライスに対する ID の数"
++
++#: src/config/SSSDConfig/sssdoptions.py:473
++msgid "Use autorid-compatible algorithm for ID-mapping"
++msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
++
++#: src/config/SSSDConfig/sssdoptions.py:474
++msgid "Name of the default domain for ID-mapping"
++msgstr "ID マッピングに対するデフォルトドメインの名前"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:288
+-#, c-format
+-msgid ""
+-"pam_setcred: [%s]\n"
+-"\n"
+-msgstr ""
+-"pam_setcred: [%s]\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:475
++msgid "SID of the default domain for ID-mapping"
++msgstr "ID マッピングに対するデフォルトドメインの SID"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:290
+-msgid ""
+-"testing pam_open_session\n"
+-"\n"
+-msgstr ""
+-"pam_open_session のテスト中\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:476
++msgid "Number of secondary slices"
++msgstr "セカンダリースライスの数"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:292
+-#, c-format
+-msgid ""
+-"pam_open_session: %s\n"
+-"\n"
+-msgstr ""
+-"pam_open_session: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:478
++msgid "Whether to use Token-Groups"
++msgstr "Token-Group を使うかどうか"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:294
+-msgid ""
+-"testing pam_close_session\n"
+-"\n"
+-msgstr ""
+-"pam_close_session のテスト中\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:479
++msgid "Set lower boundary for allowed IDs from the LDAP server"
++msgstr "LDAP サーバーから許可される ID の下限の設定"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:296
+-#, c-format
+-msgid ""
+-"pam_close_session: %s\n"
+-"\n"
+-msgstr ""
+-"pam_close_session: %s\n"
+-"\n"
++#: src/config/SSSDConfig/sssdoptions.py:480
++msgid "Set upper boundary for allowed IDs from the LDAP server"
++msgstr "LDAP サーバーから許可される ID の上限の設定"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:298
+-msgid "unknown action\n"
+-msgstr "不明なアクション\n"
++#: src/config/SSSDConfig/sssdoptions.py:481
++msgid "DN for ppolicy queries"
++msgstr "ppolicy クエリーの DN"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:301
+-msgid "PAM Environment:\n"
+-msgstr "PAM 環境:\n"
++#: src/config/SSSDConfig/sssdoptions.py:482
++msgid "How many maximum entries to fetch during a wildcard request"
++msgstr "ワイルドカードの要求の間に取得する最大エントリーの数"
+
+-#: src/tools/sssctl/sssctl_user_checks.c:309
+-msgid " - no env -\n"
+-msgstr " - no env -\n"
++#: src/config/SSSDConfig/sssdoptions.py:485
++msgid "Policy to evaluate the password expiration"
++msgstr "パスワード失効の評価のポリシー"
+
+-#: src/util/util.h:82
+-msgid "The user ID to run the server as"
+-msgstr "次のようにサーバーを実行するユーザー ID"
++#: src/config/SSSDConfig/sssdoptions.py:489
++msgid "Which attributes shall be used to evaluate if an account is expired"
++msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
+
+-#: src/util/util.h:84
+-msgid "The group ID to run the server as"
+-msgstr "次のようにサーバーを実行するグループ ID"
++#: src/config/SSSDConfig/sssdoptions.py:490
++msgid "Which rules should be used to evaluate access control"
++msgstr "どのルールがアクセス制御を評価するために使用されるか"
+
+-#: src/util/util.h:92
+-msgid "Informs that the responder has been socket-activated"
+-msgstr "レスポンダーがソケットでアクティベートされたと知らせます"
++#: src/config/SSSDConfig/sssdoptions.py:493
++msgid "URI of an LDAP server where password changes are allowed"
++msgstr "パスワードの変更が許可される LDAP サーバーの URI"
+
+-#: src/util/util.h:94
+-msgid "Informs that the responder has been dbus-activated"
+-msgstr "レスポンダーが dbus でアクティベートされたと知らせます"
++#: src/config/SSSDConfig/sssdoptions.py:494
++msgid "URI of a backup LDAP server where password changes are allowed"
++msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
+
+-#~ msgid "Set the verbosity of the debug logging"
+-#~ msgstr "デバッグのロギングの冗長性を設定する"
++#: src/config/SSSDConfig/sssdoptions.py:495
++msgid "DNS service name for LDAP password change server"
++msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
+
+-#~ msgid "Include timestamps in debug logs"
+-#~ msgstr "デバッグログにタイムスタンプを含める"
++#: src/config/SSSDConfig/sssdoptions.py:496
++msgid ""
++"Whether to update the ldap_user_shadow_last_change attribute after a "
++"password change"
++msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
+
+-#~ msgid "Include microseconds in timestamps in debug logs"
+-#~ msgstr "デバッグログにミリ秒単位のタイムスタンプを含める"
++#: src/config/SSSDConfig/sssdoptions.py:500
++msgid "Base DN for sudo rules lookups"
++msgstr "sudo ルール検索のベース DN"
+
+-#~ msgid "Write debug messages to logfiles"
+-#~ msgstr "デバッグメッセージをログファイルに書き込む"
++#: src/config/SSSDConfig/sssdoptions.py:501
++msgid "Automatic full refresh period"
++msgstr "自動的な完全更新間隔"
+
+-#~ msgid "Watchdog timeout before restarting service"
+-#~ msgstr "サービス再起動前の Watchdog タイムアウト"
++#: src/config/SSSDConfig/sssdoptions.py:502
++msgid "Automatic smart refresh period"
++msgstr "自動的なスマート更新間隔"
+
+-#~ msgid "Command to start service"
+-#~ msgstr "サービス開始のコマンド"
++#: src/config/SSSDConfig/sssdoptions.py:503
++msgid "Whether to filter rules by hostname, IP addresses and network"
++msgstr "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどうか"
+
+-#~ msgid "Number of times to attempt connection to Data Providers"
+-#~ msgstr "データプロバイダーの接続を試行する回数"
++#: src/config/SSSDConfig/sssdoptions.py:504
++msgid ""
++"Hostnames and/or fully qualified domain names of this machine to filter sudo "
++"rules"
++msgstr "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン名"
+
+-#~ msgid "The number of file descriptors that may be opened by this responder"
+-#~ msgstr "このレスポンダーににより開かれるファイル記述子の数"
++#: src/config/SSSDConfig/sssdoptions.py:505
++msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
++msgstr "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネットワーク"
+
+-#~ msgid "Idle time before automatic disconnection of a client"
+-#~ msgstr "クライアントの自動切断までのアイドル時間"
++#: src/config/SSSDConfig/sssdoptions.py:506
++msgid "Whether to include rules that contains netgroup in host attribute"
++msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
+
+-#~ msgid "Idle time before automatic shutdown of the responder"
+-#~ msgstr "レスポンダーの自動シャットダウンまでのアイドル時間"
++#: src/config/SSSDConfig/sssdoptions.py:507
++msgid ""
++"Whether to include rules that contains regular expression in host attribute"
++msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
+
+-#~ msgid "Always query all the caches before querying the Data Providers"
+-#~ msgstr ""
+-#~ "データプロバイダーをクエリーする前に、常にすべてのキャッシュをクエリーしま"
+-#~ "す"
++#: src/config/SSSDConfig/sssdoptions.py:508
++msgid "Object class for sudo rules"
++msgstr "sudo ルールのオブジェクトクラス"
+
+-#~ msgid "SSSD Services to start"
+-#~ msgstr "開始する SSSD サービス"
++#: src/config/SSSDConfig/sssdoptions.py:509
++msgid "Name of attribute that is used as object class for sudo rules"
++msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前"
+
+-#~ msgid "SSSD Domains to start"
+-#~ msgstr "開始する SSSD ドメイン"
++#: src/config/SSSDConfig/sssdoptions.py:510
++msgid "Sudo rule name"
++msgstr "sudo ルール名"
+
+-#~ msgid "Timeout for messages sent over the SBUS"
+-#~ msgstr "SBUS 経由のメッセージ送信のタイムアウト"
++#: src/config/SSSDConfig/sssdoptions.py:511
++msgid "Sudo rule command attribute"
++msgstr "sudo ルールのコマンドの属性"
+
+-#~ msgid "Regex to parse username and domain"
+-#~ msgstr "ユーザー名とドメインを構文解析する正規表現"
++#: src/config/SSSDConfig/sssdoptions.py:512
++msgid "Sudo rule host attribute"
++msgstr "sudo ルールのホストの属性"
+
+-#~ msgid "Printf-compatible format for displaying fully-qualified names"
+-#~ msgstr "完全修飾名を表示するための printf 互換の形式"
++#: src/config/SSSDConfig/sssdoptions.py:513
++msgid "Sudo rule user attribute"
++msgstr "sudo ルールのユーザーの属性"
+
+-#~ msgid ""
+-#~ "Directory on the filesystem where SSSD should store Kerberos replay cache "
+-#~ "files."
+-#~ msgstr ""
+-#~ "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムの"
+-#~ "ディレクトリーです。"
++#: src/config/SSSDConfig/sssdoptions.py:514
++msgid "Sudo rule option attribute"
++msgstr "sudo ルールのオプションの属性"
+
+-#~ msgid "Domain to add to names without a domain component."
+-#~ msgstr "domain 要素なしで追加するドメインの名前。"
++#: src/config/SSSDConfig/sssdoptions.py:515
++msgid "Sudo rule runas attribute"
++msgstr "sudo ルールの runas の属性"
+
+-#~ msgid "The user to drop privileges to"
+-#~ msgstr "ユーザーが特権を停止します"
++#: src/config/SSSDConfig/sssdoptions.py:516
++msgid "Sudo rule runasuser attribute"
++msgstr "sudo ルールの runasuser の属性"
+
+-#~ msgid "Tune certificate verification"
+-#~ msgstr "証明書検証の調整"
++#: src/config/SSSDConfig/sssdoptions.py:517
++msgid "Sudo rule runasgroup attribute"
++msgstr "sudo ルールの runasgroup の属性"
+
+-#~ msgid ""
+-#~ "All spaces in group or user names will be replaced with this character"
+-#~ msgstr ""
+-#~ "グループ名またはユーザー名のすべてのスペースは、この文字に置き換えられます"
++#: src/config/SSSDConfig/sssdoptions.py:518
++msgid "Sudo rule notbefore attribute"
++msgstr "sudo ルールの notbefore の属性"
+
+-#~ msgid "Tune sssd to honor or ignore netlink state changes"
+-#~ msgstr "SSSD を調整し、netlink の状態変更を尊重するか、または無視します"
++#: src/config/SSSDConfig/sssdoptions.py:519
++msgid "Sudo rule notafter attribute"
++msgstr "sudo ルールの notafter の属性"
+
+-#~ msgid "Enable or disable the implicit files domain"
+-#~ msgstr "暗黙のファイルドメインを有効化または無効化する"
++#: src/config/SSSDConfig/sssdoptions.py:520
++msgid "Sudo rule order attribute"
++msgstr "sudo ルールの order の属性"
+
+-#~ msgid "A specific order of the domains to be looked up"
+-#~ msgstr "検索するドメインの特定の順番"
++#: src/config/SSSDConfig/sssdoptions.py:523
++msgid "Object class for automounter maps"
++msgstr "automounter マップのオブジェクトクラス"
+
+-#~ msgid "Enumeration cache timeout length (seconds)"
+-#~ msgstr "列挙キャッシュのタイムアウト(秒)"
++#: src/config/SSSDConfig/sssdoptions.py:524
++msgid "Automounter map name attribute"
++msgstr "オートマウントのマップ名の属性"
+
+-#~ msgid "Entry cache background update timeout length (seconds)"
+-#~ msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
++#: src/config/SSSDConfig/sssdoptions.py:525
++msgid "Object class for automounter map entries"
++msgstr "automounter マップエントリーのオブジェクトクラス"
+
+-#~ msgid "Negative cache timeout length (seconds)"
+-#~ msgstr "ネガティブキャッシュのタイムアウト(秒)"
++#: src/config/SSSDConfig/sssdoptions.py:526
++msgid "Automounter map entry key attribute"
++msgstr "automounter マップエントリーの鍵属性"
+
+-#~ msgid "Files negative cache timeout length (seconds)"
+-#~ msgstr "ファイルネガティブキャッシュのタイムアウト時間(秒)"
++#: src/config/SSSDConfig/sssdoptions.py:527
++msgid "Automounter map entry value attribute"
++msgstr "automounter マップエントリーの値属性"
+
+-#~ msgid "Users that SSSD should explicitly ignore"
+-#~ msgstr "SSSD が明示的に無視するユーザー"
++#: src/config/SSSDConfig/sssdoptions.py:528
++msgid "Base DN for automounter map lookups"
++msgstr "automonter のマップ検索のベース DN"
+
+-#~ msgid "Groups that SSSD should explicitly ignore"
+-#~ msgstr "SSSD が明示的に無視するグループ"
++#: src/config/SSSDConfig/sssdoptions.py:529
++msgid "The name of the automount master map in LDAP."
++msgstr ""
+
+-#~ msgid "Should filtered users appear in groups"
+-#~ msgstr "フィルターされたユーザーをグループに表示する"
++#: src/config/SSSDConfig/sssdoptions.py:532
++msgid "Base DN for IP hosts lookups"
++msgstr ""
+
+-#~ msgid "The value of the password field the NSS provider should return"
+-#~ msgstr "NSS プロバイダーが返すパスワード項目の値"
++#: src/config/SSSDConfig/sssdoptions.py:533
++msgid "Object class for IP hosts"
++msgstr ""
+
+-#~ msgid "Override homedir value from the identity provider with this value"
+-#~ msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
++#: src/config/SSSDConfig/sssdoptions.py:534
++msgid "IP host name attribute"
++msgstr ""
+
+-#~ msgid ""
+-#~ "Substitute empty homedir value from the identity provider with this value"
+-#~ msgstr ""
+-#~ "アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き"
+-#~ "換えます"
++#: src/config/SSSDConfig/sssdoptions.py:535
++msgid "IP host number (address) attribute"
++msgstr ""
+
+-#~ msgid "Override shell value from the identity provider with this value"
+-#~ msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします"
++#: src/config/SSSDConfig/sssdoptions.py:536
++msgid "IP host entryUSN attribute"
++msgstr ""
+
+-#~ msgid "The list of shells users are allowed to log in with"
+-#~ msgstr "ユーザーがログインを許可されるシェルの一覧"
++#: src/config/SSSDConfig/sssdoptions.py:537
++msgid "Base DN for IP networks lookups"
++msgstr ""
+
+-#~ msgid ""
+-#~ "The list of shells that will be vetoed, and replaced with the fallback "
+-#~ "shell"
+-#~ msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
++#: src/config/SSSDConfig/sssdoptions.py:538
++msgid "Object class for IP networks"
++msgstr ""
+
+-#~ msgid ""
+-#~ "If a shell stored in central directory is allowed but not available, use "
+-#~ "this fallback"
+-#~ msgstr ""
+-#~ "中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、この"
+-#~ "フォールバックを使用する"
++#: src/config/SSSDConfig/sssdoptions.py:539
++msgid "IP network name attribute"
++msgstr ""
+
+-#~ msgid "Shell to use if the provider does not list one"
+-#~ msgstr "プロバイダーが一覧に持っていないとき使用するシェル"
++#: src/config/SSSDConfig/sssdoptions.py:540
++msgid "IP network number (address) attribute"
++msgstr ""
+
+-#~ msgid "How long will be in-memory cache records valid"
+-#~ msgstr "メモリー内のキャッシュレコードが有効な期間"
++#: src/config/SSSDConfig/sssdoptions.py:541
++msgid "IP network entryUSN attribute"
++msgstr ""
+
+-#~ msgid "List of user attributes the NSS responder is allowed to publish"
+-#~ msgstr "NSS レスポンダーがパブリッシュを許可されたユーザー属性の一覧"
++#: src/config/SSSDConfig/sssdoptions.py:544
++msgid "Comma separated list of allowed users"
++msgstr "許可ユーザーのカンマ区切り一覧"
+
+-#~ msgid "How long to allow cached logins between online logins (days)"
+-#~ msgstr ""
+-#~ "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
++#: src/config/SSSDConfig/sssdoptions.py:545
++msgid "Comma separated list of prohibited users"
++msgstr "禁止ユーザーのカンマ区切り一覧"
+
+-#~ msgid "How many failed logins attempts are allowed when offline"
+-#~ msgstr "オフラインの時に許容されるログイン試行失敗回数"
++#: src/config/SSSDConfig/sssdoptions.py:546
++msgid ""
++"Comma separated list of groups that are allowed to log in. This applies only "
++"to groups within this SSSD domain. Local groups are not evaluated."
++msgstr ""
++"Comma separated list of groups that are allowed to log in. This applies only "
++"to groups within this SSSD domain. Local groups are not evaluated."
+
+-#~ msgid ""
+-#~ "How long (minutes) to deny login after offline_failed_login_attempts has "
+-#~ "been reached"
+-#~ msgstr ""
+-#~ "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
++#: src/config/SSSDConfig/sssdoptions.py:548
++msgid ""
++"Comma separated list of groups that are explicitly denied access. This "
++"applies only to groups within this SSSD domain. Local groups are not "
++"evaluated."
++msgstr ""
++"Comma separated list of groups that are explicitly denied access. This "
++"applies only to groups within this SSSD domain. Local groups are not "
++"evaluated."
+
+-#~ msgid ""
+-#~ "What kind of messages are displayed to the user during authentication"
+-#~ msgstr "認証中にユーザーに表示されるメッセージの種類"
++#: src/config/SSSDConfig/sssdoptions.py:552
++msgid "Base for home directories"
++msgstr "ホームディレクトリーのベース"
+
+-#~ msgid "Filter PAM responses sent to the pam_sss"
+-#~ msgstr "pam_sss へ送信された PAM のレスポンスをフィルタリングします"
++#: src/config/SSSDConfig/sssdoptions.py:553
++msgid "Indicate if a home directory should be created for new users."
++msgstr ""
+
+-#~ msgid ""
+-#~ "How many seconds to keep identity information cached for PAM requests"
+-#~ msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
++#: src/config/SSSDConfig/sssdoptions.py:554
++msgid "Indicate if a home directory should be removed for deleted users."
++msgstr ""
+
+-#~ msgid ""
+-#~ "How many days before password expiration a warning should be displayed"
+-#~ msgstr "警告が表示されるパスワード失効前の日数"
++#: src/config/SSSDConfig/sssdoptions.py:555
++msgid "Specify the default permissions on a newly created home directory."
++msgstr ""
+
+-#~ msgid "List of trusted uids or user's name"
+-#~ msgstr "信頼できる UID またはユーザー名の一覧"
++#: src/config/SSSDConfig/sssdoptions.py:556
++msgid "The skeleton directory."
++msgstr ""
+
+-#~ msgid "List of domains accessible even for untrusted users."
+-#~ msgstr "信頼できないユーザーでさえアクセス可能なドメインの一覧。"
++#: src/config/SSSDConfig/sssdoptions.py:557
++msgid "The mail spool directory."
++msgstr ""
+
+-#~ msgid "Message printed when user account is expired."
+-#~ msgstr "ユーザーアカウントの有効期限が切れると、メッセージが印刷されます。"
++#: src/config/SSSDConfig/sssdoptions.py:558
++msgid "The command that is run after a user is removed."
++msgstr ""
+
+-#~ msgid "Message printed when user account is locked."
+-#~ msgstr "ユーザーアカウントがロックされると、メッセージが印刷されます。"
++#: src/config/SSSDConfig/sssdoptions.py:561
++msgid "The number of preforked proxy children."
++msgstr "事前にフォークされた子プロキシーの数。"
+
+-#~ msgid "Allow certificate based/Smartcard authentication."
+-#~ msgstr "証明書ベースまたはスマートカードによる認証を許可します。"
++#: src/config/SSSDConfig/sssdoptions.py:564
++msgid "The name of the NSS library to use"
++msgstr "使用する NSS ライブラリーの名前"
+
+-#~ msgid "Path to certificate database with PKCS#11 modules."
+-#~ msgstr "PKCS#11 モジュールでの証明書データベースへのパス。"
++#: src/config/SSSDConfig/sssdoptions.py:565
++msgid "The name of the NSS library to use for hosts and networks lookups"
++msgstr ""
+
+-#~ msgid "How many seconds will pam_sss wait for p11_child to finish"
+-#~ msgstr "p11_child が完了するまでに pam_sss が待つ秒数"
++#: src/config/SSSDConfig/sssdoptions.py:566
++msgid "Whether to look up canonical group name from cache if possible"
++msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
+
+-#~ msgid "Which PAM services are permitted to contact application domains"
+-#~ msgstr "アプリケーションドメインへの接続を許可される PAM サービスはどれか"
++#: src/config/SSSDConfig/sssdoptions.py:569
++msgid "PAM stack to use"
++msgstr "使用する PAM スタック"
+
+-#~ msgid "Allowed services for using smartcards"
+-#~ msgstr "スマートカードの使用が許可されたサービス"
++#: src/config/SSSDConfig/sssdoptions.py:572
++msgid "Path of passwd file sources."
++msgstr "passwd ファイルソースへのパス"
+
+-#~ msgid "Additional timeout to wait for a card if requested"
+-#~ msgstr "要求された場合に、カードが待つ追加のタイムアウト"
++#: src/config/SSSDConfig/sssdoptions.py:573
++msgid "Path of group file sources."
++msgstr "グループファイルソースへのパス"
+
+-#~ msgid ""
+-#~ "PKCS#11 URI to restrict the selection of devices for Smartcard "
+-#~ "authentication"
+-#~ msgstr "スマートカード認証向けのデバイスの選択を PKCS#11 URI が制限"
++#: src/monitor/monitor.c:2371
++msgid "Become a daemon (default)"
++msgstr "デーモンとして実行(デフォルト)"
+
+-#~ msgid "Whether to evaluate the time-based attributes in sudo rules"
+-#~ msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
++#: src/monitor/monitor.c:2373
++msgid "Run interactive (not a daemon)"
++msgstr "対話的に実行(デーモンではない)"
+
+-#~ msgid "If true, SSSD will switch back to lower-wins ordering logic"
+-#~ msgstr ""
+-#~ "正しい場合、SSSD は小さい番号が優先される順位付けのロジックへ戻ります"
++#: src/monitor/monitor.c:2376
++msgid "Disable netlink interface"
++msgstr "netlink インターフェースを無効にする"
+
+-#~ msgid ""
+-#~ "Maximum number of rules that can be refreshed at once. If this is "
+-#~ "exceeded, full refresh is performed."
+-#~ msgstr ""
+-#~ "一度にリフレッシュ可能なルールの最大数。最大数を超えると、フルリフレッシュ"
+-#~ "が実行されます。"
++#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
++#: src/tools/sssctl/sssctl_logs.c:310
++msgid "Specify a non-default config file"
++msgstr "非標準の設定ファイルの指定"
+
+-#~ msgid "Whether to hash host names and addresses in the known_hosts file"
+-#~ msgstr ""
+-#~ "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか"
++#: src/monitor/monitor.c:2380
++msgid "Refresh the configuration database, then exit"
++msgstr "設定データベースをリフレッシュし、その後終了します"
+
+-#~ msgid ""
+-#~ "How many seconds to keep a host in the known_hosts file after its host "
+-#~ "keys were requested"
+-#~ msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数"
++#: src/monitor/monitor.c:2383
++msgid "Similar to --genconf, but only refreshes the given section"
++msgstr "--genconf と似ていますが、任意のセクションのみをリフレッシュします"
+
+-#~ msgid "Path to storage of trusted CA certificates"
+-#~ msgstr "信頼された CA 証明書のストレージへのパス"
++#: src/monitor/monitor.c:2386
++msgid "Print version number and exit"
++msgstr "バージョン番号を表示して終了する"
+
+-#~ msgid "Allow to generate ssh-keys from certificates"
+-#~ msgstr "証明書からの ssh-key の生成を許可します"
++#: src/monitor/monitor.c:2532
++msgid "SSSD is already running\n"
++msgstr "SSSD はすでに実行中です\n"
+
+-#~ msgid ""
+-#~ "Use the following matching rules to filter the certificates for ssh-key "
+-#~ "generation"
+-#~ msgstr ""
+-#~ "以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングしま"
+-#~ "す"
++#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
++msgid "Debug level"
++msgstr "デバッグレベル"
+
+-#~ msgid "List of UIDs or user names allowed to access the PAC responder"
+-#~ msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
++#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
++msgid "Add debug timestamps"
++msgstr "デバッグのタイムスタンプを追加する"
+
+-#~ msgid "How long the PAC data is considered valid"
+-#~ msgstr "PAC データが有効とされる期間"
++#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
++msgid "Show timestamps with microseconds"
++msgstr "タイムスタンプをミリ秒単位で表示する"
+
+-#~ msgid "List of UIDs or user names allowed to access the InfoPipe responder"
+-#~ msgstr ""
+-#~ "InfoPipe レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
++#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
++msgid "An open file descriptor for the debug logs"
++msgstr "デバッグログのオープンファイルディスクリプター"
+
+-#~ msgid "List of user attributes the InfoPipe is allowed to publish"
+-#~ msgstr "InfoPipe がパブリッシュを許可されたユーザー属性の一覧"
++#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
++msgid "Send the debug output to stderr directly."
++msgstr "デバッグ出力を stderr に直接送信します。"
+
+-#~ msgid "The provider where the secrets will be stored in"
+-#~ msgstr "シークレットが保存されるプロバイダー"
++#: src/providers/krb5/krb5_child.c:3245
++msgid "The user to create FAST ccache as"
++msgstr "次のように FAST ccache を作成するユーザー"
+
+-#~ msgid "The maximum allowed number of nested containers"
+-#~ msgstr "ネストされたコンテナーの最大許可数"
++#: src/providers/krb5/krb5_child.c:3247
++msgid "The group to create FAST ccache as"
++msgstr "次のように FAST ccache を作成するグループ"
+
+-#~ msgid "The maximum number of secrets that can be stored"
+-#~ msgstr "保存可能なシークレットの最大数"
++#: src/providers/krb5/krb5_child.c:3249
++msgid "Kerberos realm to use"
++msgstr "使用する Kerberos レルム"
+
+-#~ msgid "The maximum number of secrets that can be stored per UID"
+-#~ msgstr "UID ごとに保存可能なシークレットの最大数"
++#: src/providers/krb5/krb5_child.c:3251
++msgid "Requested lifetime of the ticket"
++msgstr "チケットの要求された有効期間"
+
+-#~ msgid "The maximum payload size of a secret in kilobytes"
+-#~ msgstr "キロバイトでのシークレットの最大ペイロードサイズ"
++#: src/providers/krb5/krb5_child.c:3253
++msgid "Requested renewable lifetime of the ticket"
++msgstr "チケットの要求された更新可能な有効期間"
+
+-#~ msgid "The URL Custodia server is listening on"
+-#~ msgstr "URL Custodia サーバーはリッスンしています"
++#: src/providers/krb5/krb5_child.c:3255
++msgid "FAST options ('never', 'try', 'demand')"
++msgstr "FAST のオプション ('never'、'try'、'demand')"
+
+-#~ msgid "The method to use when authenticating to a Custodia server"
+-#~ msgstr "Custodia サーバーへの認証時に使用する方法"
++#: src/providers/krb5/krb5_child.c:3258
++msgid "Specifies the server principal to use for FAST"
++msgstr "FAST で使用するサーバープリンシパルを指定します"
+
+-#~ msgid ""
+-#~ "The name of the headers that will be added into a HTTP request with the "
+-#~ "value defined in auth_header_value"
+-#~ msgstr ""
+-#~ "auth_header_value で値が定義され、HTTP リクエストに追加されるヘッダーの名"
+-#~ "前"
++#: src/providers/krb5/krb5_child.c:3260
++msgid "Requests canonicalization of the principal name"
++msgstr "プリンシパル名の正規化を要求します"
+
+-#~ msgid "The value sssd-secrets would use for auth_header_name"
+-#~ msgstr "sssd-secrets の値は、auth_header_name で使用します"
++#: src/providers/krb5/krb5_child.c:3262
++msgid "Use custom version of krb5_get_init_creds_password"
++msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します"
+
+-#~ msgid ""
+-#~ "The list of the headers to forward to the Custodia server together with "
+-#~ "the request"
+-#~ msgstr "要求と共に Custodia サーバーへ転送するヘッダーの一覧"
++#: src/providers/data_provider_be.c:674
++msgid "Domain of the information provider (mandatory)"
++msgstr "情報プロバイダーのドメイン (必須)"
+
+-#~ msgid ""
+-#~ "The username to use when authenticating to a Custodia server using "
+-#~ "basic_auth"
+-#~ msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するユーザー名"
++#: src/sss_client/common.c:1079
++msgid "Privileged socket has wrong ownership or permissions."
++msgstr "特権ソケットの所有者またはパーミッションが誤っています。"
+
+-#~ msgid ""
+-#~ "The password to use when authenticating to a Custodia server using "
+-#~ "basic_auth"
+-#~ msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するパスワード"
++#: src/sss_client/common.c:1082
++msgid "Public socket has wrong ownership or permissions."
++msgstr "公開ソケットの所有者またはパーミッションが誤っています。"
+
+-#~ msgid ""
+-#~ "If true peer's certificate is verified if proxy_url uses https protocol"
+-#~ msgstr ""
+-#~ "proxy_url が https protocol を使用する場合に、正しいピアの証明書が検証され"
+-#~ "るかどうか"
++#: src/sss_client/common.c:1085
++msgid "Unexpected format of the server credential message."
++msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。"
+
+-#~ msgid ""
+-#~ "If false peer's certificate may contain different hostname than proxy_url "
+-#~ "when https protocol is used"
+-#~ msgstr ""
+-#~ "https プロトコルが使用される場合に、間違ったピアの証明書が proxy_url 以外"
+-#~ "の異なるホスト名を含むかどうか"
++#: src/sss_client/common.c:1088
++msgid "SSSD is not run by root."
++msgstr "SSSD は root により実行されません。"
+
+-#~ msgid ""
+-#~ "Path to directory where certificate authority certificates are stored"
+-#~ msgstr "CA 証明書が保存されているディレクトリーへのパス"
++#: src/sss_client/common.c:1091
++msgid "SSSD socket does not exist."
++msgstr "SSSD ソケットは存在しません。"
+
+-#~ msgid "Path to file containing server's CA certificate"
+-#~ msgstr "サーバーの CA 証明書を含むファイルへのパス"
++#: src/sss_client/common.c:1094
++msgid "Cannot get stat of SSSD socket."
++msgstr "SSSD ソケットの統計を取得できません。"
+
+-#~ msgid "Path to file containing client's certificate"
+-#~ msgstr "クライアントの証明書を含むファイルへのパス"
++#: src/sss_client/common.c:1099
++msgid "An error occurred, but no description can be found."
++msgstr "エラーが発生しましたが、説明がありませんでした。"
+
+-#~ msgid "Path to file containing client's private key"
+-#~ msgstr "クライアントの秘密鍵を含むファイルへのパス"
++#: src/sss_client/common.c:1105
++msgid "Unexpected error while looking for an error description"
++msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
+
+-#~ msgid "Identity provider"
+-#~ msgstr "アイデンティティープロバイダー"
++#: src/sss_client/pam_sss.c:68
++msgid "Permission denied. "
++msgstr "パーミッションが拒否されました。"
+
+-#~ msgid "Authentication provider"
+-#~ msgstr "認証プロバイダー"
++#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
++#: src/sss_client/pam_sss.c:792
++msgid "Server message: "
++msgstr "サーバーのメッセージ: "
+
+-#~ msgid "Access control provider"
+-#~ msgstr "アクセス制御プロバイダー"
++#: src/sss_client/pam_sss.c:299
++msgid "Passwords do not match"
++msgstr "パスワードが一致しません"
+
+-#~ msgid "Password change provider"
+-#~ msgstr "パスワード変更プロバイダー"
++#: src/sss_client/pam_sss.c:487
++msgid "Password reset by root is not supported."
++msgstr "root によるパスワードのリセットはサポートされません。"
+
+-#~ msgid "SUDO provider"
+-#~ msgstr "SUDO プロバイダー"
++#: src/sss_client/pam_sss.c:528
++msgid "Authenticated with cached credentials"
++msgstr "キャッシュされているクレデンシャルを用いて認証されました"
+
+-#~ msgid "Autofs provider"
+-#~ msgstr "Autofs プロバイダー"
++#: src/sss_client/pam_sss.c:529
++msgid ", your cached password will expire at: "
++msgstr "、キャッシュされたパスワードが失効します: "
+
+-#~ msgid "Host identity provider"
+-#~ msgstr "ホスト識別プロバイダー"
++#: src/sss_client/pam_sss.c:559
++#, c-format
++msgid "Your password has expired. You have %1$d grace login(s) remaining."
++msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。"
+
+-#~ msgid "SELinux provider"
+-#~ msgstr "SELinux プロバイダー"
++#: src/sss_client/pam_sss.c:605
++#, c-format
++msgid "Your password will expire in %1$d %2$s."
++msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。"
+
+-#~ msgid "Session management provider"
+-#~ msgstr "セッションマネージャーのプロバイダー"
++#: src/sss_client/pam_sss.c:654
++msgid "Authentication is denied until: "
++msgstr "次まで認証が拒否されます: "
+
+-#~ msgid "Whether the domain is usable by the OS or by applications"
+-#~ msgstr "OS またはアプリケーションがドメインを使用できるかどうか"
++#: src/sss_client/pam_sss.c:675
++msgid "System is offline, password change not possible"
++msgstr "システムがオフラインです、パスワード変更ができません"
+
+-#~ msgid "Minimum user ID"
+-#~ msgstr "最小ユーザー ID"
++#: src/sss_client/pam_sss.c:690
++msgid ""
++"After changing the OTP password, you need to log out and back in order to "
++"acquire a ticket"
++msgstr "OTP パスワードの変更後、チケットを取得するためにログアウト後に再びログインする必要があります"
+
+-#~ msgid "Maximum user ID"
+-#~ msgstr "最大ユーザー ID"
++#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
++msgid "Password change failed. "
++msgstr "パスワードの変更に失敗しました。"
+
+-#~ msgid "Enable enumerating all users/groups"
+-#~ msgstr "すべてのユーザー・グループの列挙を有効にする"
++#: src/sss_client/pam_sss.c:2015
++msgid "New Password: "
++msgstr "新しいパスワード: "
+
+-#~ msgid "Cache credentials for offline login"
+-#~ msgstr "オフラインログインのためにクレデンシャルをキャッシュする"
++#: src/sss_client/pam_sss.c:2016
++msgid "Reenter new Password: "
++msgstr "新しいパスワードの再入力: "
+
+-#~ msgid "Display users/groups in fully-qualified form"
+-#~ msgstr "ユーザー・グループを完全修飾形式で表示する"
++#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
++msgid "First Factor: "
++msgstr "1 番目の要素: "
+
+-#~ msgid "Don't include group members in group lookups"
+-#~ msgstr "グループ検索にグループメンバーを含めない"
++#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
++msgid "Second Factor (optional): "
++msgstr "2 番目の要素 (オプション): "
+
+-#~ msgid "Entry cache timeout length (seconds)"
+-#~ msgstr "エントリーキャッシュのタイムアウト長(秒)"
++#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
++msgid "Second Factor: "
++msgstr "2 番目の要素: "
+
+-#~ msgid ""
+-#~ "Restrict or prefer a specific address family when performing DNS lookups"
+-#~ msgstr ""
+-#~ "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します"
++#: src/sss_client/pam_sss.c:2200
++msgid "Password: "
++msgstr "パスワード: "
+
+-#~ msgid "How long to keep cached entries after last successful login (days)"
+-#~ msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
++#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
++msgid "First Factor (Current Password): "
++msgstr "1 番目の要素 (現在のパスワード): "
+
+-#~ msgid ""
+-#~ "How long should SSSD talk to single DNS server before trying next server "
+-#~ "(miliseconds)"
+-#~ msgstr ""
+-#~ "次のサーバーを試行するまでに SSSD が単一の DNS サーバーと通信する時間 (ミ"
+-#~ "リ秒)"
++#: src/sss_client/pam_sss.c:2359
++msgid "Current Password: "
++msgstr "現在のパスワード: "
+
+-#~ msgid "How long should keep trying to resolve single DNS query (seconds)"
+-#~ msgstr "単一の DNS クエリーの解決を試行する時間 (秒)"
++#: src/sss_client/pam_sss.c:2714
++msgid "Password expired. Change your password now."
++msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
+
+-#~ msgid ""
+-#~ "How long to wait for replies from DNS when resolving servers (seconds)"
+-#~ msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)"
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
++#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
++#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
++#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
++#: src/tools/sss_cache.c:719
++msgid "The debug level to run with"
++msgstr "実行するデバッグレベル"
+
+-#~ msgid "The domain part of service discovery DNS query"
+-#~ msgstr "サービス検索 DNS クエリーのドメイン部分"
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
++msgid "The SSSD domain to use"
++msgstr "使用する SSSD ドメイン"
+
+-#~ msgid "Override GID value from the identity provider with this value"
+-#~ msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
++#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
++#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
++#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
++#: src/tools/sss_cache.c:765
++msgid "Error setting the locale\n"
++msgstr "ロケールの設定中にエラーが発生しました\n"
+
+-#~ msgid "Treat usernames as case sensitive"
+-#~ msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
++msgid "Not enough memory\n"
++msgstr "十分なメモリーがありません\n"
+
+-#~ msgid "How often should expired entries be refreshed in background"
+-#~ msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
++msgid "User not specified\n"
++msgstr "ユーザーが指定されていません\n"
+
+-#~ msgid "Whether to automatically update the client's DNS entry"
+-#~ msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
++#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
++msgid "Error looking up public keys\n"
++msgstr "公開鍵の検索中にエラーが発生しました\n"
+
+-#~ msgid "The TTL to apply to the client's DNS entry after updating it"
+-#~ msgstr "クライアントの DNS 項目を更新後、適用する TTL"
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
++msgid "The port to use to connect to the host"
++msgstr "ホストへの接続に使用するポート"
+
+-#~ msgid "The interface whose IP should be used for dynamic DNS updates"
+-#~ msgstr "動的 DNS 更新のために使用される IP のインターフェース"
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
++msgid "Print the host ssh public keys"
++msgstr "ホスト SSH 公開鍵を印刷"
+
+-#~ msgid "How often to periodically update the client's DNS entry"
+-#~ msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか"
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
++msgid "Invalid port\n"
++msgstr "無効なポート\n"
+
+-#~ msgid "Whether the provider should explicitly update the PTR record as well"
+-#~ msgstr ""
+-#~ "プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか"
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
++msgid "Host not specified\n"
++msgstr "ホストが指定されていません\n"
+
+-#~ msgid "Whether the nsupdate utility should default to using TCP"
+-#~ msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか"
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
++msgid "The path to the proxy command must be absolute\n"
++msgstr "プロキシコマンドへのパスは絶対パスにする必要があります\n"
+
+-#~ msgid "What kind of authentication should be used to perform the DNS update"
+-#~ msgstr "DNS 更新を実行するために使用すべき認証の種類"
++#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
++#, c-format
++msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
++msgstr "sss_ssh_knownhostsproxy: ホスト名 %s を解決できませんでした\n"
+
+-#~ msgid "Override the DNS server used to perform the DNS update"
+-#~ msgstr "DNS の更新を実行する際に使用する DNS サーバーを上書き"
++#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
++msgid "The UID of the user"
++msgstr "ユーザーの UID"
+
+-#~ msgid "Control enumeration of trusted domains"
+-#~ msgstr "信頼されたドメインの列挙を制御"
++#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
++msgid "The comment string"
++msgstr "コメント文字列"
+
+-#~ msgid "How often should subdomains list be refreshed"
+-#~ msgstr "サブドメインの一覧のリフレッシュ回数"
++#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
++msgid "Home directory"
++msgstr "ホームディレクトリー"
+
+-#~ msgid "List of options that should be inherited into a subdomain"
+-#~ msgstr "サブドメインに継承すべきオプションの一覧"
++#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
++msgid "Login shell"
++msgstr "ログインシェル"
+
+-#~ msgid "Default subdomain homedir value"
+-#~ msgstr "デフォルトのサブドメインホームディレクトリーの値"
++#: src/tools/sss_useradd.c:53
++msgid "Groups"
++msgstr "グループ"
+
+-#~ msgid "How long can cached credentials be used for cached authentication"
+-#~ msgstr "証明書キャッシュを認証キャッシュに使用できる期間"
++#: src/tools/sss_useradd.c:54
++msgid "Create user's directory if it does not exist"
++msgstr "ユーザーのディレクトリーが存在しなければ作成する"
+
+-#~ msgid "Whether to automatically create private groups for users"
+-#~ msgstr "ユーザーにプライベートグループを自動的に作成するかどうか"
++#: src/tools/sss_useradd.c:55
++msgid "Never create user's directory, overrides config"
++msgstr "ユーザーのディレクトリーを作成しない、設定を上書きする"
+
+-#~ msgid "IPA domain"
+-#~ msgstr "IPA ドメイン"
++#: src/tools/sss_useradd.c:56
++msgid "Specify an alternative skeleton directory"
++msgstr "代替のスケルトンディレクトリーを指定する"
+
+-#~ msgid "IPA server address"
+-#~ msgstr "IPA サーバーのアドレス"
++#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
++msgid "The SELinux user for user's login"
++msgstr "ユーザーのログインに対する SELinux ユーザー"
+
+-#~ msgid "Address of backup IPA server"
+-#~ msgstr "バックアップ IPA サーバーのアドレス"
++#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
++#: src/tools/sss_usermod.c:92
++msgid "Specify group to add to\n"
++msgstr "追加するグループを指定してください\n"
+
+-#~ msgid "IPA client hostname"
+-#~ msgstr "IPA クライアントのホスト名"
++#: src/tools/sss_useradd.c:111
++msgid "Specify user to add\n"
++msgstr "追加するユーザーを指定してください\n"
+
+-#~ msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+-#~ msgstr ""
+-#~ "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
++#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
++#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
++#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
++#: src/tools/sss_usermod.c:162
++msgid "Error initializing the tools - no local domain\n"
++msgstr "ツールを初期化中にエラーが発生しました - ローカルドメインがありません\n"
+
+-#~ msgid "Search base for HBAC related objects"
+-#~ msgstr "HBAC 関連オブジェクトの検索ベース"
++#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
++#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
++#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
++#: src/tools/sss_usermod.c:164
++msgid "Error initializing the tools\n"
++msgstr "ツールを初期化中にエラーが発生しました\n"
+
+-#~ msgid ""
+-#~ "The amount of time between lookups of the HBAC rules against the IPA "
+-#~ "server"
+-#~ msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
++#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
++#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
++#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
++#: src/tools/sss_usermod.c:173
++msgid "Invalid domain specified in FQDN\n"
++msgstr "FQDN で指定されたドメインが無効です\n"
+
+-#~ msgid ""
+-#~ "The amount of time in seconds between lookups of the SELinux maps against "
+-#~ "the IPA server"
+-#~ msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
++#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
++#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
++#: src/tools/sss_usermod.c:226
++msgid "Internal error while parsing parameters\n"
++msgstr "パラメーターを解析中に内部エラーが発生しました\n"
+
+-#~ msgid "If set to false, host argument given by PAM will be ignored"
+-#~ msgstr ""
+-#~ "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます"
++#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
++#: src/tools/sss_usermod.c:235
++msgid "Groups must be in the same domain as user\n"
++msgstr "グループがユーザーと同じドメインになければいけません\n"
+
+-#~ msgid "The automounter location this IPA client is using"
+-#~ msgstr "この IPA クライアントが使用している automounter の場所"
++#: src/tools/sss_useradd.c:159
++#, c-format
++msgid "Cannot find group %1$s in local domain\n"
++msgstr "ローカルドメインにグループ %1$s を見つけられません\n"
+
+-#~ msgid "Search base for object containing info about IPA domain"
+-#~ msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース"
++#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
++msgid "Cannot set default values\n"
++msgstr "デフォルト値を設定できません\n"
+
+-#~ msgid "Search base for objects containing info about ID ranges"
+-#~ msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース"
++#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
++msgid "The selected UID is outside the allowed range\n"
++msgstr "選択された UID は許容される範囲を越えています\n"
+
+-#~ msgid "Enable DNS sites - location based service discovery"
+-#~ msgstr "DNS サイトの有効化 - 位置ベースのサービス検索"
++#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
++msgid "Cannot set SELinux login context\n"
++msgstr "SELinux ログインコンテキストを設定できません\n"
+
+-#~ msgid "Search base for view containers"
+-#~ msgstr "ビューコンテナーの検索ベース"
++#: src/tools/sss_useradd.c:224
++msgid "Cannot get info about the user\n"
++msgstr "ユーザーに関する情報を取得できません\n"
+
+-#~ msgid "Objectclass for view containers"
+-#~ msgstr "ビューコンテナーのオブジェクトクラス"
++#: src/tools/sss_useradd.c:236
++msgid "User's home directory already exists, not copying data from skeldir\n"
++msgstr "ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーからデータをコピーしません\n"
+
+-#~ msgid "Attribute with the name of the view"
+-#~ msgstr "ビューの名前の属性"
++#: src/tools/sss_useradd.c:239
++#, c-format
++msgid "Cannot create user's home directory: %1$s\n"
++msgstr "ユーザーのホームディレクトリーを作成できません: %1$s\n"
+
+-#~ msgid "Objectclass for override objects"
+-#~ msgstr "上書きされたオブジェクトのオブジェクトクラス"
++#: src/tools/sss_useradd.c:250
++#, c-format
++msgid "Cannot create user's mail spool: %1$s\n"
++msgstr "ユーザーのメールスプールを作成できません: %1$s\n"
+
+-#~ msgid "Attribute with the reference to the original object"
+-#~ msgstr "オリジナルオブジェクトを参照する属性"
++#: src/tools/sss_useradd.c:270
++msgid "Could not allocate ID for the user - domain full?\n"
++msgstr "ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
+
+-#~ msgid "Objectclass for user override objects"
+-#~ msgstr "ユーザーが上書きするオブジェクトのオブジェクトクラス"
++#: src/tools/sss_useradd.c:274
++msgid "A user or group with the same name or ID already exists\n"
++msgstr "同じ名前または ID を持つユーザーまたはグループがすでに存在します\n"
+
+-#~ msgid "Objectclass for group override objects"
+-#~ msgstr "グループが上書きするオブジェクトのオブジェクトクラス"
++#: src/tools/sss_useradd.c:280
++msgid "Transaction error. Could not add user.\n"
++msgstr "トランザクションエラー。ユーザーを追加できませんでした。\n"
+
+-#~ msgid "Search base for Desktop Profile related objects"
+-#~ msgstr "デスクトッププロファイルに関連するオブジェクトの検索ベース"
++#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
++msgid "The GID of the group"
++msgstr "グループの GID"
+
+-#~ msgid ""
+-#~ "The amount of time in seconds between lookups of the Desktop Profile "
+-#~ "rules against the IPA server"
+-#~ msgstr ""
+-#~ "IPA サーバーに対するデスクトッププロファイルルールを検索している間の秒単位"
+-#~ "の合計時間"
++#: src/tools/sss_groupadd.c:76
++msgid "Specify group to add\n"
++msgstr "追加するグループを指定してください\n"
+
+-#~ msgid ""
+-#~ "The amount of time in minutes between lookups of Desktop Profiles rules "
+-#~ "against the IPA server when the last request did not find any rule"
+-#~ msgstr ""
+-#~ "最後の要求がルールを何も見つけなかった場合の IPA サーバーに対するデスク"
+-#~ "トッププロファイルル ールを検索している間の分単位の合計時間"
++#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
++msgid "The selected GID is outside the allowed range\n"
++msgstr "選択された GID は許容される範囲を越えています\n"
+
+-#~ msgid "Active Directory domain"
+-#~ msgstr "Active Directory ドメイン"
++#: src/tools/sss_groupadd.c:143
++msgid "Could not allocate ID for the group - domain full?\n"
++msgstr "グループに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
+
+-#~ msgid "Enabled Active Directory domains"
+-#~ msgstr "有効化された Active Directory ドメイン"
++#: src/tools/sss_groupadd.c:147
++msgid "A group with the same name or GID already exists\n"
++msgstr "同じ名前または GID を持つグループがすでに存在します\n"
+
+-#~ msgid "Active Directory server address"
+-#~ msgstr "Active Directory サーバーアドレス"
++#: src/tools/sss_groupadd.c:153
++msgid "Transaction error. Could not add group.\n"
++msgstr "トランザクションエラー。グループを追加できませんでした。\n"
+
+-#~ msgid "Active Directory backup server address"
+-#~ msgstr "Active Directory バックアップサーバーのアドレス"
++#: src/tools/sss_groupdel.c:70
++msgid "Specify group to delete\n"
++msgstr "削除するグループを指定してください\n"
+
+-#~ msgid "Active Directory client hostname"
+-#~ msgstr "Active Directory クライアントホスト名"
++#: src/tools/sss_groupdel.c:104
++#, c-format
++msgid "Group %1$s is outside the defined ID range for domain\n"
++msgstr "グループ %1$s はドメインに対して定義された ID の範囲を越えています\n"
+
+-#~ msgid "LDAP filter to determine access privileges"
+-#~ msgstr "アクセス権限を決めるための LDAP フィルター"
++#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
++#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
++#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
++#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
++#, c-format
++msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
++msgstr "NSS リクエストに失敗しました (%1$d)。項目はメモリーキャッシュに残されます。\n"
+
+-#~ msgid "Whether to use the Global Catalog for lookups"
+-#~ msgstr "検索にグローバルカタログを使用するかどうか"
++#: src/tools/sss_groupdel.c:132
++msgid ""
++"No such group in local domain. Removing groups only allowed in local domain."
++"\n"
++msgstr "そのようなグループはローカルドメインにありません。グループの削除はローカルドメインにおいてのみ許可されます。\n"
+
+-#~ msgid "Operation mode for GPO-based access control"
+-#~ msgstr "グローバルカタログベースのアクセス制御に対するオペレーションモード"
++#: src/tools/sss_groupdel.c:137
++msgid "Internal error. Could not remove group.\n"
++msgstr "内部エラー。グループを削除できませんでした。\n"
+
+-#~ msgid ""
+-#~ "The amount of time between lookups of the GPO policy files against the AD "
+-#~ "server"
+-#~ msgstr "AD サーバーに対する GPO ポリシーファイルを検索している間の合計時間"
++#: src/tools/sss_groupmod.c:44
++msgid "Groups to add this group to"
++msgstr "このグループに追加するグループ"
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "GPO (Deny)InteractiveLogonRight のポリシー設定にマッピングした PAM サービ"
+-#~ "ス名"
++#: src/tools/sss_groupmod.c:46
++msgid "Groups to remove this group from"
++msgstr "このグループから削除するグループ"
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
+-#~ "policy settings"
+-#~ msgstr ""
+-#~ "GPO (Deny)RemoteInteractiveLogonRight のポリシー設定にマッピングした PAM "
+-#~ "サービス名"
++#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
++msgid "Specify group to remove from\n"
++msgstr "削除するグループを指定してください\n"
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "GPO (Deny)NetworkLogonRight のポリシー設定にマッピングした PAM サービス名"
++#: src/tools/sss_groupmod.c:101
++msgid "Specify group to modify\n"
++msgstr "変更するグループを指定してください\n"
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)BatchLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "GPO (Deny)BatchLogonRight のポリシー設定にマッピングした PAM サービス名"
++#: src/tools/sss_groupmod.c:130
++msgid ""
++"Cannot find group in local domain, modifying groups is allowed only in local "
++"domain\n"
++msgstr "ローカルドメインにグループが見つかりませんでした。グループの変更はローカルドメインにおいてのみ許可されます\n"
+
+-#~ msgid ""
+-#~ "PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
+-#~ "settings"
+-#~ msgstr ""
+-#~ "(Deny)ServiceLogonRight のポリシー設定にマッピングした PAM サービス名"
++#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
++msgid "Member groups must be in the same domain as parent group\n"
++msgstr "メンバーグループが親グループと同じドメインにある必要があります\n"
+
+-#~ msgid "PAM service names for which GPO-based access is always granted"
+-#~ msgstr "GPO ベースのアクセスが常に許可される PAM サービス名"
++#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
++#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
++#, c-format
++msgid ""
++"Cannot find group %1$s in local domain, only groups in local domain are "
++"allowed\n"
++msgstr "ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグループのみが許可されます\n"
+
+-#~ msgid "PAM service names for which GPO-based access is always denied"
+-#~ msgstr "GPO ベースのアクセスが常に拒否される PAM サービス名"
++#: src/tools/sss_groupmod.c:257
++msgid "Could not modify group - check if member group names are correct\n"
++msgstr "グループを変更できませんでした - メンバーグループ名が正しいかを確認してください\n"
+
+-#~ msgid ""
+-#~ "Default logon right (or permit/deny) to use for unmapped PAM service names"
+-#~ msgstr ""
+-#~ "マッピングされていない PAM サービス名に使用するデフォルトのログオン権利 "
+-#~ "(または許可/拒否)"
++#: src/tools/sss_groupmod.c:261
++msgid "Could not modify group - check if groupname is correct\n"
++msgstr "グループを変更できませんでした - グループ名が正しいかを確認してください\n"
+
+-#~ msgid "a particular site to be used by the client"
+-#~ msgstr "クライアントが使用する特定のサイト"
++#: src/tools/sss_groupmod.c:265
++msgid "Transaction error. Could not modify group.\n"
++msgstr "トランザクションエラー。グループを変更できませんでした。\n"
+
+-#~ msgid ""
+-#~ "Maximum age in days before the machine account password should be renewed"
+-#~ msgstr "マシンアカウントのパスワードの更新が必要となるまでの最大日数"
++#: src/tools/sss_groupshow.c:616
++msgid "Magic Private "
++msgstr "マジックプライベート "
+
+-#~ msgid "Option for tuning the machine account renewal task"
+-#~ msgstr "マシンアカウントの更新タスクをチューニングするオプション"
++#: src/tools/sss_groupshow.c:615
++#, c-format
++msgid "%1$s%2$sGroup: %3$s\n"
++msgstr "%1$s%2$sGroup: %3$s\n"
+
+-#~ msgid "Kerberos server address"
+-#~ msgstr "Kerberos サーバーのアドレス"
++#: src/tools/sss_groupshow.c:618
++#, c-format
++msgid "%1$sGID number: %2$d\n"
++msgstr "%1$sGID 番号: %2$d\n"
+
+-#~ msgid "Kerberos backup server address"
+-#~ msgstr "Kerberos バックアップサーバーのアドレス"
++#: src/tools/sss_groupshow.c:620
++#, c-format
++msgid "%1$sMember users: "
++msgstr "%1$sMember ユーザー: "
+
+-#~ msgid "Kerberos realm"
+-#~ msgstr "Kerberos レルム"
++#: src/tools/sss_groupshow.c:627
++#, c-format
++msgid "\n"
++"%1$sIs a member of: "
++msgstr "\n"
++"%1$sIs は次のメンバー: "
+
+-#~ msgid "Authentication timeout"
+-#~ msgstr "認証のタイムアウト"
++#: src/tools/sss_groupshow.c:634
++#, c-format
++msgid "\n"
++"%1$sMember groups: "
++msgstr "\n"
++"%1$sMember グループ: "
+
+-#~ msgid "Whether to create kdcinfo files"
+-#~ msgstr "kdcinfo ファイルを作成するかどうか"
++#: src/tools/sss_groupshow.c:670
++msgid "Print indirect group members recursively"
++msgstr "間接グループメンバーを再帰的に表示する"
+
+-#~ msgid "Where to drop krb5 config snippets"
+-#~ msgstr "krb5 設定スニペットを削除する場所"
++#: src/tools/sss_groupshow.c:704
++msgid "Specify group to show\n"
++msgstr "表示するグループを指定してください\n"
+
+-#~ msgid "Directory to store credential caches"
+-#~ msgstr "クレデンシャルのキャッシュを保存するディレクトリー"
++#: src/tools/sss_groupshow.c:744
++msgid ""
++"No such group in local domain. Printing groups only allowed in local domain."
++"\n"
++msgstr "そのようなグループはローカルドメインにありません。グループの表示はローカルドメインにおいてのみ許可されます。\n"
+
+-#~ msgid "Location of the user's credential cache"
+-#~ msgstr "ユーザーのクレデンシャルキャッシュの位置"
++#: src/tools/sss_groupshow.c:749
++msgid "Internal error. Could not print group.\n"
++msgstr "内部エラー。グループを表示できませんでした。\n"
+
+-#~ msgid "Location of the keytab to validate credentials"
+-#~ msgstr "クレデンシャルを検証するキーテーブルの場所"
++#: src/tools/sss_userdel.c:138
++msgid "Remove home directory and mail spool"
++msgstr "ホームディレクトリーとメールスプールを削除する"
+
+-#~ msgid "Enable credential validation"
+-#~ msgstr "クレデンシャルの検証を有効にする"
++#: src/tools/sss_userdel.c:140
++msgid "Do not remove home directory and mail spool"
++msgstr "ホームディレクトリーとメールスプールを削除しない"
+
+-#~ msgid "Store password if offline for later online authentication"
+-#~ msgstr ""
+-#~ "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
++#: src/tools/sss_userdel.c:142
++msgid "Force removal of files not owned by the user"
++msgstr "ユーザーにより所有されていないファイルの強制削除"
+
+-#~ msgid "Renewable lifetime of the TGT"
+-#~ msgstr "更新可能な TGT の有効期間"
++#: src/tools/sss_userdel.c:144
++msgid "Kill users' processes before removing him"
++msgstr "ユーザーを削除する前にそのユーザーのプロセスを強制停止する"
+
+-#~ msgid "Lifetime of the TGT"
+-#~ msgstr "TGT の有効期間"
++#: src/tools/sss_userdel.c:190
++msgid "Specify user to delete\n"
++msgstr "削除するユーザーを指定する\n"
+
+-#~ msgid "Time between two checks for renewal"
+-#~ msgstr "更新を確認する間隔"
++#: src/tools/sss_userdel.c:236
++#, c-format
++msgid "User %1$s is outside the defined ID range for domain\n"
++msgstr "ユーザー %1$s はドメインに対して定義された ID の範囲を超えています\n"
+
+-#~ msgid "Enables FAST"
+-#~ msgstr "FAST を有効にする"
++#: src/tools/sss_userdel.c:261
++msgid "Cannot reset SELinux login context\n"
++msgstr "SELinux ログインコンテキストをリセットできません\n"
+
+-#~ msgid "Selects the principal to use for FAST"
+-#~ msgstr "FAST に使用するプリンシパルを選択する"
++#: src/tools/sss_userdel.c:273
++#, c-format
++msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
++msgstr "警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n"
+
+-#~ msgid "Enables principal canonicalization"
+-#~ msgstr "プリンシパル正規化を有効にする"
++#: src/tools/sss_userdel.c:278
++msgid "Cannot determine if the user was logged in on this platform"
++msgstr "ユーザーがこのプラットフォームにログインしていたかを確認できませんでした"
+
+-#~ msgid "Enables enterprise principals"
+-#~ msgstr "エンタープライズ・プリンシパルの有効化"
++#: src/tools/sss_userdel.c:283
++msgid "Error while checking if the user was logged in\n"
++msgstr "ユーザーがログインしていたかを確認中にエラーが発生しました\n"
+
+-#~ msgid "A mapping from user names to Kerberos principal names"
+-#~ msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング"
++#: src/tools/sss_userdel.c:290
++#, c-format
++msgid "The post-delete command failed: %1$s\n"
++msgstr "削除後コマンドの実行に失敗しました: %1$s\n"
+
+-#~ msgid ""
+-#~ "Server where the change password service is running if not on the KDC"
+-#~ msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
++#: src/tools/sss_userdel.c:310
++msgid "Not removing home dir - not owned by user\n"
++msgstr "ホームディレクトリーを削除していません - ユーザーにより所有されていません\n"
+
+-#~ msgid "ldap_uri, The URI of the LDAP server"
+-#~ msgstr "ldap_uri, LDAP サーバーの URI"
++#: src/tools/sss_userdel.c:312
++#, c-format
++msgid "Cannot remove homedir: %1$s\n"
++msgstr "ホームディレクトリーを削除できません: %1$s\n"
+
+-#~ msgid "ldap_backup_uri, The URI of the LDAP server"
+-#~ msgstr "ldap_backup_uri, LDAP サーバーの URI"
++#: src/tools/sss_userdel.c:326
++msgid ""
++"No such user in local domain. Removing users only allowed in local domain.\n"
++msgstr "そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメインにおいてのみ許可されます。\n"
+
+-#~ msgid "The default base DN"
+-#~ msgstr "デフォルトのベース DN"
++#: src/tools/sss_userdel.c:331
++msgid "Internal error. Could not remove user.\n"
++msgstr "内部エラー。ユーザーを削除できませんでした。\n"
+
+-#~ msgid "The Schema Type in use on the LDAP server, rfc2307"
+-#~ msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307"
++#: src/tools/sss_usermod.c:49
++msgid "The GID of the user"
++msgstr "ユーザーの GID"
+
+-#~ msgid "Mode used to change user password"
+-#~ msgstr "ユーザーのパスワードの変更にモードを使用しました"
++#: src/tools/sss_usermod.c:53
++msgid "Groups to add this user to"
++msgstr "このユーザーを追加するグループ"
+
+-#~ msgid "The default bind DN"
+-#~ msgstr "デフォルトのバインド DN"
++#: src/tools/sss_usermod.c:54
++msgid "Groups to remove this user from"
++msgstr "このユーザーを削除するグループ"
+
+-#~ msgid "The type of the authentication token of the default bind DN"
+-#~ msgstr "デフォルトのバインド DN の認証トークンの種類"
++#: src/tools/sss_usermod.c:55
++msgid "Lock the account"
++msgstr "アカウントをロックする"
+
+-#~ msgid "The authentication token of the default bind DN"
+-#~ msgstr "デフォルトのバインド DN の認証トークン"
++#: src/tools/sss_usermod.c:56
++msgid "Unlock the account"
++msgstr "アカウントをロック解除する"
+
+-#~ msgid "Length of time to attempt connection"
+-#~ msgstr "接続を試行する時間"
++#: src/tools/sss_usermod.c:57
++msgid "Add an attribute/value pair. The format is attrname=value."
++msgstr "属性/値のペアを追加します。フォーマットは attrname=value です。"
+
+-#~ msgid "Length of time to attempt synchronous LDAP operations"
+-#~ msgstr "LDAP 同期操作を試行する時間"
++#: src/tools/sss_usermod.c:58
++msgid "Delete an attribute/value pair. The format is attrname=value."
++msgstr "属性/値のペアを削除します。フォーマットは attrname=value です。"
+
+-#~ msgid "Length of time between attempts to reconnect while offline"
+-#~ msgstr "オフラインの間に再接続を試行する時間"
++#: src/tools/sss_usermod.c:59
++msgid ""
++"Set an attribute to a name/value pair. The format is attrname=value. For "
++"multi-valued attributes, the command replaces the values already present"
++msgstr ""
++"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属性の場合、コマンドがすでに存在する値に置き換えられます。"
+
+-#~ msgid "Use only the upper case for realm names"
+-#~ msgstr "レルム名に対して大文字のみを使用する"
++#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
++#: src/tools/sss_usermod.c:135
++msgid "Specify the attribute name/value pair(s)\n"
++msgstr "属性の名前/値のペアを指定します\n"
+
+-#~ msgid "File that contains CA certificates"
+-#~ msgstr "CA 証明書を含むファイル"
++#: src/tools/sss_usermod.c:152
++msgid "Specify user to modify\n"
++msgstr "変更するユーザーを指定してください\n"
+
+-#~ msgid "Path to CA certificate directory"
+-#~ msgstr "CA 証明書のディレクトリーのパス"
++#: src/tools/sss_usermod.c:180
++msgid ""
++"Cannot find user in local domain, modifying users is allowed only in local "
++"domain\n"
++msgstr "ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメインにおいてのみ許可されます。\n"
+
+-#~ msgid "File that contains the client certificate"
+-#~ msgstr "クライアント証明書を含むファイル"
++#: src/tools/sss_usermod.c:322
++msgid "Could not modify user - check if group names are correct\n"
++msgstr "ユーザーを変更できませんでした - グループ名が正しいかを確認してください\n"
+
+-#~ msgid "File that contains the client key"
+-#~ msgstr "クライアントの鍵を含むファイル"
++#: src/tools/sss_usermod.c:326
++msgid "Could not modify user - user already member of groups?\n"
++msgstr "ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか?\n"
+
+-#~ msgid "List of possible ciphers suites"
+-#~ msgstr "利用可能な暗号の一覧"
++#: src/tools/sss_usermod.c:330
++msgid "Transaction error. Could not modify user.\n"
++msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
+
+-#~ msgid "Require TLS certificate verification"
+-#~ msgstr "TLS 証明書の検証を要求する"
++#: src/tools/sss_cache.c:245
++msgid "No cache object matched the specified search\n"
++msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n"
+
+-#~ msgid "Specify the sasl mechanism to use"
+-#~ msgstr "使用する SASL メカニズムを指定する"
++#: src/tools/sss_cache.c:536
++#, c-format
++msgid "Couldn't invalidate %1$s\n"
++msgstr "%1$s を無効化できませんでした\n"
+
+-#~ msgid "Specify the sasl authorization id to use"
+-#~ msgstr "使用する SASL 認可 ID を指定する"
++#: src/tools/sss_cache.c:543
++#, c-format
++msgid "Couldn't invalidate %1$s %2$s\n"
++msgstr "%1$s %2$s を無効化できませんでした\n"
+
+-#~ msgid "Specify the sasl authorization realm to use"
+-#~ msgstr "使用する SASL 認可レルムを指定する"
++#: src/tools/sss_cache.c:721
++msgid "Invalidate all cached entries"
++msgstr "すべてのキャッシュエントリーを無効化します"
+
+-#~ msgid "Specify the minimal SSF for LDAP sasl authorization"
+-#~ msgstr "LDAP SASL 認可の最小 SSF を指定する"
++#: src/tools/sss_cache.c:723
++msgid "Invalidate particular user"
++msgstr "特定のユーザーを無効にする"
+
+-#~ msgid "Kerberos service keytab"
+-#~ msgstr "Kerberos サービスのキーテーブル"
++#: src/tools/sss_cache.c:725
++msgid "Invalidate all users"
++msgstr "すべてのユーザーを無効にする"
+
+-#~ msgid "Use Kerberos auth for LDAP connection"
+-#~ msgstr "LDAP 接続に対して Kerberos 認証を使用する"
++#: src/tools/sss_cache.c:727
++msgid "Invalidate particular group"
++msgstr "特定のグループを無効にする"
+
+-#~ msgid "Follow LDAP referrals"
+-#~ msgstr "LDAP リフェラルにしたがう"
++#: src/tools/sss_cache.c:729
++msgid "Invalidate all groups"
++msgstr "すべてのグループを無効にする"
+
+-#~ msgid "Lifetime of TGT for LDAP connection"
+-#~ msgstr "LDAP 接続の TGT の有効期間"
++#: src/tools/sss_cache.c:731
++msgid "Invalidate particular netgroup"
++msgstr "特定のネットワークグループを無効にする"
+
+-#~ msgid "How to dereference aliases"
+-#~ msgstr "エイリアスを参照解決する方法"
++#: src/tools/sss_cache.c:733
++msgid "Invalidate all netgroups"
++msgstr "すべてのネットワークグループを無効にする"
+
+-#~ msgid "Service name for DNS service lookups"
+-#~ msgstr "DNS サービス検索のサービス名"
++#: src/tools/sss_cache.c:735
++msgid "Invalidate particular service"
++msgstr "特定のサービスの無効化"
+
+-#~ msgid "The number of records to retrieve in a single LDAP query"
+-#~ msgstr "単一の LDAP クエリーにおいて取得するレコード数"
++#: src/tools/sss_cache.c:737
++msgid "Invalidate all services"
++msgstr "すべてのサービスの無効化"
+
+-#~ msgid "The number of members that must be missing to trigger a full deref"
+-#~ msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
++#: src/tools/sss_cache.c:740
++msgid "Invalidate particular autofs map"
++msgstr "特定の autofs マップの無効化"
+
+-#~ msgid ""
+-#~ "Whether the LDAP library should perform a reverse lookup to canonicalize "
+-#~ "the host name during a SASL bind"
+-#~ msgstr ""
+-#~ "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実"
+-#~ "行するかどうか"
++#: src/tools/sss_cache.c:742
++msgid "Invalidate all autofs maps"
++msgstr "すべての autofs マップの無効化"
+
+-#~ msgid "entryUSN attribute"
+-#~ msgstr "entryUSN 属性"
++#: src/tools/sss_cache.c:746
++msgid "Invalidate particular SSH host"
++msgstr "特定の SSH ホストを無効化します"
+
+-#~ msgid "lastUSN attribute"
+-#~ msgstr "lastUSN 属性"
++#: src/tools/sss_cache.c:748
++msgid "Invalidate all SSH hosts"
++msgstr "すべての SSH ホストを無効化します"
+
+-#~ msgid ""
+-#~ "How long to retain a connection to the LDAP server before disconnecting"
+-#~ msgstr "LDAP サーバーを切断する前に接続を保持する時間"
++#: src/tools/sss_cache.c:752
++msgid "Invalidate particular sudo rule"
++msgstr "特定の sudo ルールを無効化します"
+
+-#~ msgid "Disable the LDAP paging control"
+-#~ msgstr "LDAP ページング制御を無効化する"
++#: src/tools/sss_cache.c:754
++msgid "Invalidate all cached sudo rules"
++msgstr "すべてのキャッシュ sudo ルールを無効化します"
+
+-#~ msgid "Disable Active Directory range retrieval"
+-#~ msgstr "Active Directory 範囲の取得の無効化"
++#: src/tools/sss_cache.c:757
++msgid "Only invalidate entries from a particular domain"
++msgstr "特定のドメインのみからエントリーを無効にする"
+
+-#~ msgid "Length of time to wait for a search request"
+-#~ msgstr "検索要求を待つ時間"
++#: src/tools/sss_cache.c:811
++msgid ""
++"Unexpected argument(s) provided, options that invalidate a single object "
++"only accept a single provided argument.\n"
++msgstr "予期しない引数が提供される場合、1 つのオブジェクトを無効化するオプションは、提供された引数を 1 つだけ受け取ります。\n"
+
+-#~ msgid "Length of time to wait for a enumeration request"
+-#~ msgstr "列挙の要求を待つ時間"
++#: src/tools/sss_cache.c:821
++msgid "Please select at least one object to invalidate\n"
++msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n"
+
+-#~ msgid "Length of time between enumeration updates"
+-#~ msgstr "列挙の更新間隔"
++#: src/tools/sss_cache.c:904
++#, c-format
++msgid ""
++"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
++"use fully qualified name instead of --domain/-d parameter.\n"
++msgstr ""
++"ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) であれば、--domain/-d "
++"パラメーターの代わりに完全修飾名を使用してください。\n"
+
+-#~ msgid "Length of time between cache cleanups"
+-#~ msgstr "キャッシュをクリーンアップする間隔"
++#: src/tools/sss_cache.c:909
++msgid "Could not open available domains\n"
++msgstr "利用可能なドメインを開けませんでした\n"
+
+-#~ msgid "Require TLS for ID lookups"
+-#~ msgstr "ID 検索に TLS を要求する"
++#: src/tools/tools_util.c:202
++#, c-format
++msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
++msgstr "名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n"
+
+-#~ msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+-#~ msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
++#: src/tools/tools_util.c:309
++msgid "Out of memory\n"
++msgstr "メモリー不足\n"
+
+-#~ msgid "Base DN for user lookups"
+-#~ msgstr "ユーザー検索のベース DN"
++#: src/tools/tools_util.h:40
++#, c-format
++msgid "%1$s must be run as root\n"
++msgstr "%1$s は root として実行する必要があります\n"
+
+-#~ msgid "Scope of user lookups"
+-#~ msgstr "ユーザー検索の範囲"
++#: src/tools/sssctl/sssctl.c:35
++msgid "yes"
++msgstr "はい"
+
+-#~ msgid "Filter for user lookups"
+-#~ msgstr "ユーザー検索のフィルター"
++#: src/tools/sssctl/sssctl.c:37
++msgid "no"
++msgstr "いいえ"
+
+-#~ msgid "Objectclass for users"
+-#~ msgstr "ユーザーのオブジェクトクラス"
++#: src/tools/sssctl/sssctl.c:39
++msgid "error"
++msgstr "エラー"
+
+-#~ msgid "Username attribute"
+-#~ msgstr "ユーザー名の属性"
++#: src/tools/sssctl/sssctl.c:42
++msgid "Invalid result."
++msgstr "無効な結果。"
+
+-#~ msgid "UID attribute"
+-#~ msgstr "UID の属性"
++#: src/tools/sssctl/sssctl.c:78
++msgid "Unable to read user input\n"
++msgstr "ユーザーインプットの読み込みができませんでした\n"
+
+-#~ msgid "Primary GID attribute"
+-#~ msgstr "プライマリー GID の属性"
++#: src/tools/sssctl/sssctl.c:91
++#, c-format
++msgid "Invalid input, please provide either '%s' or '%s'.\n"
++msgstr "無効なインプットです。'%s' または '%s' のいずれかを提供してください。\n"
+
+-#~ msgid "GECOS attribute"
+-#~ msgstr "GECOS の属性"
++#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
++msgid "Error while executing external command\n"
++msgstr "外部のコマンドを実行中にエラーが発生しました\n"
+
+-#~ msgid "Home directory attribute"
+-#~ msgstr "ホームディレクトリーの属性"
++#: src/tools/sssctl/sssctl.c:156
++msgid "SSSD needs to be running. Start SSSD now?"
++msgstr "SSSD を実行する必要があります。SSSD をすぐに実行しますか?"
+
+-#~ msgid "Shell attribute"
+-#~ msgstr "シェルの属性"
++#: src/tools/sssctl/sssctl.c:195
++msgid "SSSD must not be running. Stop SSSD now?"
++msgstr "SSSD を実行してはいけません。SSSD を今、停止しますか?"
+
+-#~ msgid "UUID attribute"
+-#~ msgstr "UUID 属性"
++#: src/tools/sssctl/sssctl.c:231
++msgid "SSSD needs to be restarted. Restart SSSD now?"
++msgstr "SSSD は再起動が必要です。SSSD を今、再起動しますか?"
+
+-#~ msgid "objectSID attribute"
+-#~ msgstr "objectSID 属性"
++#: src/tools/sssctl/sssctl_cache.c:31
++#, c-format
++msgid " %s is not present in cache.\n"
++msgstr " %s はキャッシュにありません\n"
+
+-#~ msgid "Active Directory primary group attribute for ID-mapping"
+-#~ msgstr "ID マッピングの Active Directory プライマリーグループ属性"
++#: src/tools/sssctl/sssctl_cache.c:33
++msgid "Name"
++msgstr "名前"
+
+-#~ msgid "User principal attribute (for Kerberos)"
+-#~ msgstr "ユーザープリンシパルの属性(Kerberos 用)"
++#: src/tools/sssctl/sssctl_cache.c:34
++msgid "Cache entry creation date"
++msgstr "キャッシュエントリーの作成日"
+
+-#~ msgid "Full Name"
+-#~ msgstr "氏名"
++#: src/tools/sssctl/sssctl_cache.c:35
++msgid "Cache entry last update time"
++msgstr "キャッシュエントリーが最後に更新された時間"
+
+-#~ msgid "memberOf attribute"
+-#~ msgstr "memberOf 属性"
++#: src/tools/sssctl/sssctl_cache.c:36
++msgid "Cache entry expiration time"
++msgstr "キャッシュエントリーの期限切れ時間"
+
+-#~ msgid "Modification time attribute"
+-#~ msgstr "変更日時の属性"
++#: src/tools/sssctl/sssctl_cache.c:37
++msgid "Cached in InfoPipe"
++msgstr "InfoPipe にキャッシュ"
+
+-#~ msgid "shadowLastChange attribute"
+-#~ msgstr "shadowLastChange 属性"
++#: src/tools/sssctl/sssctl_cache.c:522
++#, c-format
++msgid "Error: Unable to get object [%d]: %s\n"
++msgstr "エラー: オブジェクト [%d] を取得できません: %s\n"
+
+-#~ msgid "shadowMin attribute"
+-#~ msgstr "shadowMin 属性"
++#: src/tools/sssctl/sssctl_cache.c:538
++#, c-format
++msgid "%s: Unable to read value [%d]: %s\n"
++msgstr "%s: 値 [%d] の読み込みができません: %s\n"
+
+-#~ msgid "shadowMax attribute"
+-#~ msgstr "shadowMax 属性"
++#: src/tools/sssctl/sssctl_cache.c:566
++msgid "Specify name."
++msgstr "名前を指定します。"
+
+-#~ msgid "shadowWarning attribute"
+-#~ msgstr "shadowWarning 属性"
++#: src/tools/sssctl/sssctl_cache.c:576
++#, c-format
++msgid "Unable to parse name %s.\n"
++msgstr "名前 %s を構文解析できません。\n"
+
+-#~ msgid "shadowInactive attribute"
+-#~ msgstr "shadowInactive 属性"
++#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
++msgid "Search by SID"
++msgstr "SID で検索"
+
+-#~ msgid "shadowExpire attribute"
+-#~ msgstr "shadowExpire 属性"
++#: src/tools/sssctl/sssctl_cache.c:603
++msgid "Search by user ID"
++msgstr "ユーザーID で検索"
+
+-#~ msgid "shadowFlag attribute"
+-#~ msgstr "shadowFlag 属性"
++#: src/tools/sssctl/sssctl_cache.c:612
++msgid "Initgroups expiration time"
++msgstr "Initgroups の期限切れ時間"
+
+-#~ msgid "Attribute listing authorized PAM services"
+-#~ msgstr "認可された PAM サービスを一覧化する属性"
++#: src/tools/sssctl/sssctl_cache.c:650
++msgid "Search by group ID"
++msgstr "グループ ID で検索"
+
+-#~ msgid "Attribute listing authorized server hosts"
+-#~ msgstr "認可されたサーバーホストを一覧化する属性"
++#: src/tools/sssctl/sssctl_config.c:112
++#, c-format
++msgid "Failed to open %s\n"
++msgstr "%s を開くことに失敗しました\n"
+
+-#~ msgid "Attribute listing authorized server rhosts"
+-#~ msgstr "認可されたサーバー rhosts を一覧化する属性"
++#: src/tools/sssctl/sssctl_config.c:117
++#, c-format
++msgid "File %1$s does not exist.\n"
++msgstr "ファイル %1$s は存在しません。\n"
+
+-#~ msgid "krbLastPwdChange attribute"
+-#~ msgstr "krbLastPwdChange 属性"
++#: src/tools/sssctl/sssctl_config.c:121
++msgid ""
++"File ownership and permissions check failed. Expected root:root and 0600.\n"
++msgstr "ファイルの所有権とパーミッションの確認に失敗しました。予期される root:root および 0600。\n"
+
+-#~ msgid "krbPasswordExpiration attribute"
+-#~ msgstr "krbPasswordExpiration 属性"
++#: src/tools/sssctl/sssctl_config.c:127
++#, c-format
++msgid "Failed to load configuration from %s.\n"
++msgstr ""
+
+-#~ msgid "Attribute indicating that server side password policies are active"
+-#~ msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
++#: src/tools/sssctl/sssctl_config.c:133
++msgid "Error while reading configuration directory.\n"
++msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n"
+
+-#~ msgid "accountExpires attribute of AD"
+-#~ msgstr "AD の accountExpires 属性"
++#: src/tools/sssctl/sssctl_config.c:141
++msgid ""
++"There is no configuration. SSSD will use default configuration with files "
++"provider.\n"
++msgstr "設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用します。\n"
+
+-#~ msgid "userAccountControl attribute of AD"
+-#~ msgstr "AD の userAccountControl 属性"
++#: src/tools/sssctl/sssctl_config.c:153
++msgid "Failed to run validators"
++msgstr "バリデーターの実行に失敗しました"
+
+-#~ msgid "nsAccountLock attribute"
+-#~ msgstr "nsAccountLock 属性"
++#: src/tools/sssctl/sssctl_config.c:157
++#, c-format
++msgid "Issues identified by validators: %zu\n"
++msgstr "バリデーターで特定された問題: %zu\n"
+
+-#~ msgid "loginDisabled attribute of NDS"
+-#~ msgstr "NDS の loginDisabled 属性"
++#: src/tools/sssctl/sssctl_config.c:168
++#, c-format
++msgid "Messages generated during configuration merging: %zu\n"
++msgstr "設定のマージ中に生成されたメッセージ: %zu\n"
+
+-#~ msgid "loginExpirationTime attribute of NDS"
+-#~ msgstr "NDS の loginExpirationTime 属性"
++#: src/tools/sssctl/sssctl_config.c:179
++#, c-format
++msgid "Used configuration snippet files: %zu\n"
++msgstr "使用された設定スニペットファイル: %zu\n"
+
+-#~ msgid "loginAllowedTimeMap attribute of NDS"
+-#~ msgstr "NDS の loginAllowedTimeMap 属性"
++#: src/tools/sssctl/sssctl_data.c:89
++#, c-format
++msgid "Unable to create backup directory [%d]: %s"
++msgstr "バックアップディレクトリー [%d] を作成できません: %s"
+
+-#~ msgid "SSH public key attribute"
+-#~ msgstr "SSH 公開鍵の属性"
++#: src/tools/sssctl/sssctl_data.c:95
++msgid "SSSD backup of local data already exists, override?"
++msgstr "ローカルデータの SSSD バックアップはすでに存在しますが、上書きしますか?"
+
+-#~ msgid "attribute listing allowed authentication types for a user"
+-#~ msgstr "ユーザー用に許可された認証タイプを一覧化する属性"
++#: src/tools/sssctl/sssctl_data.c:111
++msgid "Unable to export user overrides\n"
++msgstr "ユーザーの上書きをエクスポートできません\n"
+
+-#~ msgid "attribute containing the X509 certificate of the user"
+-#~ msgstr "ユーザーの X509 証明書を含む属性"
++#: src/tools/sssctl/sssctl_data.c:118
++msgid "Unable to export group overrides\n"
++msgstr "グループの上書きをエクスポートできません\n"
+
+-#~ msgid "attribute containing the email address of the user"
+-#~ msgstr "ユーザーの電子メールアドレスを含む属性"
++#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
++msgid "Override existing backup"
++msgstr "既存のバックアップを上書き"
+
+-#~ msgid "A list of extra attributes to download along with the user entry"
+-#~ msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧"
++#: src/tools/sssctl/sssctl_data.c:164
++msgid "Unable to import user overrides\n"
++msgstr "ユーザーの上書きをインポートできません\n"
+
+-#~ msgid "Base DN for group lookups"
+-#~ msgstr "グループ検索のベース DN"
++#: src/tools/sssctl/sssctl_data.c:173
++msgid "Unable to import group overrides\n"
++msgstr "グループの上書きをインポートできません\n"
+
+-#~ msgid "Objectclass for groups"
+-#~ msgstr "グループのオブジェクトクラス"
++#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
++#: src/tools/sssctl/sssctl_domains.c:328
++msgid "Start SSSD if it is not running"
++msgstr "実行中でない場合、SSSD を開始します"
+
+-#~ msgid "Group name"
+-#~ msgstr "グループ名"
++#: src/tools/sssctl/sssctl_data.c:195
++msgid "Restart SSSD after data import"
++msgstr "データのインポートの後、SSSD を再起動します"
+
+-#~ msgid "Group password"
+-#~ msgstr "グループのパスワード"
++#: src/tools/sssctl/sssctl_data.c:218
++msgid "Create clean cache files and import local data"
++msgstr "クリーンなキャッシュファイルを作成し、ローカルデータをインポートします"
+
+-#~ msgid "GID attribute"
+-#~ msgstr "GID 属性"
++#: src/tools/sssctl/sssctl_data.c:219
++msgid "Stop SSSD before removing the cache"
++msgstr "キャッシュを削除する前に SSSD を停止します"
+
+-#~ msgid "Group member attribute"
+-#~ msgstr "グループメンバー属性"
++#: src/tools/sssctl/sssctl_data.c:220
++msgid "Start SSSD when the cache is removed"
++msgstr "キャッシュの削除後に SSSD を開始します"
+
+-#~ msgid "Group UUID attribute"
+-#~ msgstr "グループ UUID 属性"
++#: src/tools/sssctl/sssctl_data.c:235
++msgid "Creating backup of local data...\n"
++msgstr "ローカルデータのバックアップを作成中...\n"
+
+-#~ msgid "Modification time attribute for groups"
+-#~ msgstr "グループの変更日時の属性"
++#: src/tools/sssctl/sssctl_data.c:238
++msgid "Unable to create backup of local data, can not remove the cache.\n"
++msgstr "ローカルデータのバックアップの作成ができません。キャッシュを削除できません。\n"
+
+-#~ msgid "Type of the group and other flags"
+-#~ msgstr "グループおよび他のフラグのタイプ"
++#: src/tools/sssctl/sssctl_data.c:243
++msgid "Removing cache files...\n"
++msgstr "キャッシュファイルの削除中...\n"
+
+-#~ msgid "The LDAP group external member attribute"
+-#~ msgstr "LDAP グループの外部メンバーの属性"
++#: src/tools/sssctl/sssctl_data.c:246
++msgid "Unable to remove cache files\n"
++msgstr "キャッシュファイルを削除できません\n"
+
+-#~ msgid "Maximum nesting level SSSD will follow"
+-#~ msgstr "SSSD が従う最大ネストレベル"
++#: src/tools/sssctl/sssctl_data.c:251
++msgid "Restoring local data...\n"
++msgstr "ローカルデータの復元中...\n"
+
+-#~ msgid "Base DN for netgroup lookups"
+-#~ msgstr "ネットグループ検索のベース DN"
++#: src/tools/sssctl/sssctl_domains.c:83
++msgid "Show domain list including primary or trusted domain type"
++msgstr "プライマリーまたは信頼されたドメインタイプを含むドメインリストを表示します"
+
+-#~ msgid "Objectclass for netgroups"
+-#~ msgstr "ネットグループのオブジェクトクラス"
++#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
++#: src/tools/sssctl/sssctl_user_checks.c:95
++msgid "Unable to connect to system bus!\n"
++msgstr "システムバスに接続できません。\n"
+
+-#~ msgid "Netgroup name"
+-#~ msgstr "ネットグループ名"
++#: src/tools/sssctl/sssctl_domains.c:167
++msgid "Online"
++msgstr "オンライン"
+
+-#~ msgid "Netgroups members attribute"
+-#~ msgstr "ネットグループメンバーの属性"
++#: src/tools/sssctl/sssctl_domains.c:167
++msgid "Offline"
++msgstr "オフライン"
+
+-#~ msgid "Netgroup triple attribute"
+-#~ msgstr "ネットグループの三つ組の属性"
++#: src/tools/sssctl/sssctl_domains.c:167
++#, c-format
++msgid "Online status: %s\n"
++msgstr "オンライン状態: %s\n"
+
+-#~ msgid "Modification time attribute for netgroups"
+-#~ msgstr "ネットグループの変更日時の属性"
++#: src/tools/sssctl/sssctl_domains.c:213
++msgid "This domain has no active servers.\n"
++msgstr "このドメインには、アクティブなサーバーはありません。\n"
+
+-#~ msgid "Base DN for service lookups"
+-#~ msgstr "サービス検索のベース DN"
++#: src/tools/sssctl/sssctl_domains.c:218
++msgid "Active servers:\n"
++msgstr "アクティブサーバー:\n"
+
+-#~ msgid "Objectclass for services"
+-#~ msgstr "サービスのオブジェクトクラス"
++#: src/tools/sssctl/sssctl_domains.c:230
++msgid "not connected"
++msgstr "接続していません"
+
+-#~ msgid "Service name attribute"
+-#~ msgstr "サービス名の属性"
++#: src/tools/sssctl/sssctl_domains.c:267
++msgid "No servers discovered.\n"
++msgstr "サーバーが見つかりません。\n"
+
+-#~ msgid "Service port attribute"
+-#~ msgstr "サービスポートの属性"
++#: src/tools/sssctl/sssctl_domains.c:273
++#, c-format
++msgid "Discovered %s servers:\n"
++msgstr "%s サーバーが見つかりました:\n"
+
+-#~ msgid "Service protocol attribute"
+-#~ msgstr "サービスプロトコルの属性"
++#: src/tools/sssctl/sssctl_domains.c:285
++msgid "None so far.\n"
++msgstr "今のところありません。\n"
+
+-#~ msgid "Lower bound for ID-mapping"
+-#~ msgstr "ID マッピングの下限"
++#: src/tools/sssctl/sssctl_domains.c:325
++msgid "Show online status"
++msgstr "オンライン状態を表示"
+
+-#~ msgid "Upper bound for ID-mapping"
+-#~ msgstr "ID マッピングの上限"
++#: src/tools/sssctl/sssctl_domains.c:326
++msgid "Show information about active server"
++msgstr "アクティブサーバーに関する情報の表示"
+
+-#~ msgid "Number of IDs for each slice when ID-mapping"
+-#~ msgstr "ID マッピングするとき、各スライスに対する ID の数"
++#: src/tools/sssctl/sssctl_domains.c:327
++msgid "Show list of discovered servers"
++msgstr "見つかったサーバーに関する一覧を表示"
+
+-#~ msgid "Use autorid-compatible algorithm for ID-mapping"
+-#~ msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
++#: src/tools/sssctl/sssctl_domains.c:333
++msgid "Specify domain name."
++msgstr "ドメイン名を指定します。"
+
+-#~ msgid "Name of the default domain for ID-mapping"
+-#~ msgstr "ID マッピングに対するデフォルトドメインの名前"
++#: src/tools/sssctl/sssctl_domains.c:355
++msgid "Out of memory!\n"
++msgstr "メモリーの空き容量がありません。\n"
+
+-#~ msgid "SID of the default domain for ID-mapping"
+-#~ msgstr "ID マッピングに対するデフォルトドメインの SID"
++#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
++msgid "Unable to get online status\n"
++msgstr "オンライン状態を取得できません\n"
+
+-#~ msgid "Number of secondary slices"
+-#~ msgstr "セカンダリースライスの数"
++#: src/tools/sssctl/sssctl_domains.c:395
++msgid "Unable to get server list\n"
++msgstr "サーバー一覧を取得できません\n"
+
+-#~ msgid "Whether to use Token-Groups"
+-#~ msgstr "Token-Group を使うかどうか"
++#: src/tools/sssctl/sssctl_logs.c:46
++msgid "\n"
++msgstr "\n"
+
+-#~ msgid "Set lower boundary for allowed IDs from the LDAP server"
+-#~ msgstr "LDAP サーバーから許可される ID の下限の設定"
++#: src/tools/sssctl/sssctl_logs.c:236
++msgid "Delete log files instead of truncating"
++msgstr "切り捨てる代わりにログファイルを削除します"
+
+-#~ msgid "Set upper boundary for allowed IDs from the LDAP server"
+-#~ msgstr "LDAP サーバーから許可される ID の上限の設定"
++#: src/tools/sssctl/sssctl_logs.c:247
++msgid "Deleting log files...\n"
++msgstr "ログファイルを削除中...\n"
+
+-#~ msgid "DN for ppolicy queries"
+-#~ msgstr "ppolicy クエリーの DN"
++#: src/tools/sssctl/sssctl_logs.c:250
++msgid "Unable to remove log files\n"
++msgstr "ログファイルを削除できません\n"
+
+-#~ msgid "How many maximum entries to fetch during a wildcard request"
+-#~ msgstr "ワイルドカードの要求の間に取得する最大エントリーの数"
++#: src/tools/sssctl/sssctl_logs.c:256
++msgid "Truncating log files...\n"
++msgstr "ログファイルを切り捨てます...\n"
+
+-#~ msgid "Policy to evaluate the password expiration"
+-#~ msgstr "パスワード失効の評価のポリシー"
++#: src/tools/sssctl/sssctl_logs.c:259
++msgid "Unable to truncate log files\n"
++msgstr "ログファイルの切り捨てができません\n"
+
+-#~ msgid "Which attributes shall be used to evaluate if an account is expired"
+-#~ msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
++#: src/tools/sssctl/sssctl_logs.c:285
++msgid "Out of memory!"
++msgstr "メモリーの空き容量がありません。"
+
+-#~ msgid "Which rules should be used to evaluate access control"
+-#~ msgstr "どのルールがアクセス制御を評価するために使用されるか"
++#: src/tools/sssctl/sssctl_logs.c:288
++#, c-format
++msgid "Archiving log files into %s...\n"
++msgstr "ログファイルを %s へアーカイブ中...\n"
+
+-#~ msgid "URI of an LDAP server where password changes are allowed"
+-#~ msgstr "パスワードの変更が許可される LDAP サーバーの URI"
++#: src/tools/sssctl/sssctl_logs.c:291
++msgid "Unable to archive log files\n"
++msgstr "ログファイルのアーカイブができません\n"
+
+-#~ msgid "URI of a backup LDAP server where password changes are allowed"
+-#~ msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
++#: src/tools/sssctl/sssctl_logs.c:316
++msgid "Specify debug level you want to set"
++msgstr "設定したいデバッグレベルを指定します"
+
+-#~ msgid "DNS service name for LDAP password change server"
+-#~ msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
++#: src/tools/sssctl/sssctl_user_checks.c:117
++msgid "SSSD InfoPipe user lookup result:\n"
++msgstr "SSSD InfoPipe ユーザー検索の結果:\n"
+
+-#~ msgid ""
+-#~ "Whether to update the ldap_user_shadow_last_change attribute after a "
+-#~ "password change"
+-#~ msgstr ""
+-#~ "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
++#: src/tools/sssctl/sssctl_user_checks.c:167
++#, c-format
++msgid "dlopen failed with [%s].\n"
++msgstr "dlopen は [%s] で失敗しました。\n"
+
+-#~ msgid "Base DN for sudo rules lookups"
+-#~ msgstr "sudo ルール検索のベース DN"
++#: src/tools/sssctl/sssctl_user_checks.c:174
++#, c-format
++msgid "dlsym failed with [%s].\n"
++msgstr "dlsym は [%s] で失敗しました。\n"
+
+-#~ msgid "Automatic full refresh period"
+-#~ msgstr "自動的な完全更新間隔"
++#: src/tools/sssctl/sssctl_user_checks.c:182
++msgid "malloc failed.\n"
++msgstr "malloc は失敗しました。\n"
+
+-#~ msgid "Automatic smart refresh period"
+-#~ msgstr "自動的なスマート更新間隔"
++#: src/tools/sssctl/sssctl_user_checks.c:189
++#, c-format
++msgid "sss_getpwnam_r failed with [%d].\n"
++msgstr "sss_getpwnam_r が [%d] で失敗しました。\n"
+
+-#~ msgid "Whether to filter rules by hostname, IP addresses and network"
+-#~ msgstr ""
+-#~ "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するか"
+-#~ "どうか"
++#: src/tools/sssctl/sssctl_user_checks.c:194
++msgid "SSSD nss user lookup result:\n"
++msgstr "SSSD nss ユーザー検索の結果:\n"
+
+-#~ msgid ""
+-#~ "Hostnames and/or fully qualified domain names of this machine to filter "
+-#~ "sudo rules"
+-#~ msgstr ""
+-#~ "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイ"
+-#~ "ン名"
++#: src/tools/sssctl/sssctl_user_checks.c:195
++#, c-format
++msgid " - user name: %s\n"
++msgstr " - user name: %s\n"
+
+-#~ msgid ""
+-#~ "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
+-#~ msgstr ""
+-#~ "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたは"
+-#~ "ネットワーク"
++#: src/tools/sssctl/sssctl_user_checks.c:196
++#, c-format
++msgid " - user id: %d\n"
++msgstr " - user id: %d\n"
+
+-#~ msgid "Whether to include rules that contains netgroup in host attribute"
+-#~ msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
++#: src/tools/sssctl/sssctl_user_checks.c:197
++#, c-format
++msgid " - group id: %d\n"
++msgstr " - group id: %d\n"
+
+-#~ msgid ""
+-#~ "Whether to include rules that contains regular expression in host "
+-#~ "attribute"
+-#~ msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
++#: src/tools/sssctl/sssctl_user_checks.c:198
++#, c-format
++msgid " - gecos: %s\n"
++msgstr " - gecos: %s\n"
+
+-#~ msgid "Object class for sudo rules"
+-#~ msgstr "sudo ルールのオブジェクトクラス"
++#: src/tools/sssctl/sssctl_user_checks.c:199
++#, c-format
++msgid " - home directory: %s\n"
++msgstr " - home directory: %s\n"
+
+-#~ msgid "Name of attribute that is used as object class for sudo rules"
+-#~ msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前"
++#: src/tools/sssctl/sssctl_user_checks.c:200
++#, c-format
++msgid " - shell: %s\n"
++"\n"
++msgstr " - shell: %s\n"
++"\n"
+
+-#~ msgid "Sudo rule name"
+-#~ msgstr "sudo ルール名"
++#: src/tools/sssctl/sssctl_user_checks.c:232
++msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
++msgstr "PAM アクション [auth|acct|setc|chau|open|clos]、デフォルト: "
+
+-#~ msgid "Sudo rule command attribute"
+-#~ msgstr "sudo ルールのコマンドの属性"
++#: src/tools/sssctl/sssctl_user_checks.c:235
++msgid "PAM service, default: "
++msgstr "PAM サービス、デフォルト: "
+
+-#~ msgid "Sudo rule host attribute"
+-#~ msgstr "sudo ルールのホストの属性"
++#: src/tools/sssctl/sssctl_user_checks.c:240
++msgid "Specify user name."
++msgstr "ユーザー名を指定します。"
+
+-#~ msgid "Sudo rule user attribute"
+-#~ msgstr "sudo ルールのユーザーの属性"
++#: src/tools/sssctl/sssctl_user_checks.c:247
++#, c-format
++msgid "user: %s\n"
++"action: %s\n"
++"service: %s\n"
++"\n"
++msgstr "ユーザー: %s\n"
++"アクション: %s\n"
++"サービス: %s\n"
++"\n"
+
+-#~ msgid "Sudo rule option attribute"
+-#~ msgstr "sudo ルールのオプションの属性"
++#: src/tools/sssctl/sssctl_user_checks.c:252
++#, c-format
++msgid "User name lookup with [%s] failed.\n"
++msgstr "[%s] でのユーザー名の検索に失敗しました。\n"
+
+-#~ msgid "Sudo rule runas attribute"
+-#~ msgstr "sudo ルールの runas の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:257
++#, c-format
++msgid "InfoPipe User lookup with [%s] failed.\n"
++msgstr "[%s] での InfoPipe ユーザーの検索に失敗しました。\n"
+
+-#~ msgid "Sudo rule runasuser attribute"
+-#~ msgstr "sudo ルールの runasuser の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:263
++#, c-format
++msgid "pam_start failed: %s\n"
++msgstr "pam_start に失敗しました: %s\n"
+
+-#~ msgid "Sudo rule runasgroup attribute"
+-#~ msgstr "sudo ルールの runasgroup の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:268
++msgid "testing pam_authenticate\n"
++"\n"
++msgstr "pam_authenticate のテスト中\n"
++"\n"
+
+-#~ msgid "Sudo rule notbefore attribute"
+-#~ msgstr "sudo ルールの notbefore の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:272
++#, c-format
++msgid "pam_get_item failed: %s\n"
++msgstr "pam_get_item に失敗しました: %s\n"
+
+-#~ msgid "Sudo rule notafter attribute"
+-#~ msgstr "sudo ルールの notafter の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:275
++#, c-format
++msgid "pam_authenticate for user [%s]: %s\n"
++"\n"
++msgstr "ユーザー [%s] 向けの pam_authenticate: %s\n"
++"\n"
+
+-#~ msgid "Sudo rule order attribute"
+-#~ msgstr "sudo ルールの order の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:278
++msgid "testing pam_chauthtok\n"
++"\n"
++msgstr "pam_chauthtok のテスト中\n"
++"\n"
+
+-#~ msgid "Object class for automounter maps"
+-#~ msgstr "automounter マップのオブジェクトクラス"
++#: src/tools/sssctl/sssctl_user_checks.c:280
++#, c-format
++msgid "pam_chauthtok: %s\n"
++"\n"
++msgstr "pam_chauthtok: %s\n"
++"\n"
+
+-#~ msgid "Automounter map name attribute"
+-#~ msgstr "オートマウントのマップ名の属性"
++#: src/tools/sssctl/sssctl_user_checks.c:282
++msgid "testing pam_acct_mgmt\n"
++"\n"
++msgstr "pam_acct_mgmt のテスト中\n"
++"\n"
+
+-#~ msgid "Object class for automounter map entries"
+-#~ msgstr "automounter マップエントリーのオブジェクトクラス"
++#: src/tools/sssctl/sssctl_user_checks.c:284
++#, c-format
++msgid "pam_acct_mgmt: %s\n"
++"\n"
++msgstr "pam_acct_mgmt: %s\n"
++"\n"
+
+-#~ msgid "Automounter map entry key attribute"
+-#~ msgstr "automounter マップエントリーの鍵属性"
++#: src/tools/sssctl/sssctl_user_checks.c:286
++msgid "testing pam_setcred\n"
++"\n"
++msgstr "pam_setcred のテスト中\n"
++"\n"
+
+-#~ msgid "Automounter map entry value attribute"
+-#~ msgstr "automounter マップエントリーの値属性"
++#: src/tools/sssctl/sssctl_user_checks.c:288
++#, c-format
++msgid "pam_setcred: [%s]\n"
++"\n"
++msgstr "pam_setcred: [%s]\n"
++"\n"
+
+-#~ msgid "Base DN for automounter map lookups"
+-#~ msgstr "automonter のマップ検索のベース DN"
++#: src/tools/sssctl/sssctl_user_checks.c:290
++msgid "testing pam_open_session\n"
++"\n"
++msgstr "pam_open_session のテスト中\n"
++"\n"
+
+-#~ msgid "Comma separated list of allowed users"
+-#~ msgstr "許可ユーザーのカンマ区切り一覧"
++#: src/tools/sssctl/sssctl_user_checks.c:292
++#, c-format
++msgid "pam_open_session: %s\n"
++"\n"
++msgstr "pam_open_session: %s\n"
++"\n"
+
+-#~ msgid "Comma separated list of prohibited users"
+-#~ msgstr "禁止ユーザーのカンマ区切り一覧"
++#: src/tools/sssctl/sssctl_user_checks.c:294
++msgid "testing pam_close_session\n"
++"\n"
++msgstr "pam_close_session のテスト中\n"
++"\n"
+
+-#~ msgid "Default shell, /bin/bash"
+-#~ msgstr "デフォルトのシェル, /bin/bash"
++#: src/tools/sssctl/sssctl_user_checks.c:296
++#, c-format
++msgid "pam_close_session: %s\n"
++"\n"
++msgstr "pam_close_session: %s\n"
++"\n"
+
+-#~ msgid "Base for home directories"
+-#~ msgstr "ホームディレクトリーのベース"
++#: src/tools/sssctl/sssctl_user_checks.c:298
++msgid "unknown action\n"
++msgstr "不明なアクション\n"
+
+-#~ msgid "The number of preforked proxy children."
+-#~ msgstr "事前にフォークされた子プロキシーの数。"
++#: src/tools/sssctl/sssctl_user_checks.c:301
++msgid "PAM Environment:\n"
++msgstr "PAM 環境:\n"
+
+-#~ msgid "The name of the NSS library to use"
+-#~ msgstr "使用する NSS ライブラリーの名前"
++#: src/tools/sssctl/sssctl_user_checks.c:309
++msgid " - no env -\n"
++msgstr " - no env -\n"
+
+-#~ msgid "Whether to look up canonical group name from cache if possible"
+-#~ msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
++#: src/util/util.h:82
++msgid "The user ID to run the server as"
++msgstr "次のようにサーバーを実行するユーザー ID"
+
+-#~ msgid "PAM stack to use"
+-#~ msgstr "使用する PAM スタック"
++#: src/util/util.h:84
++msgid "The group ID to run the server as"
++msgstr "次のようにサーバーを実行するグループ ID"
+
+-#~ msgid "Path of passwd file sources."
+-#~ msgstr "passwd ファイルソースへのパス"
++#: src/util/util.h:92
++msgid "Informs that the responder has been socket-activated"
++msgstr "レスポンダーがソケットでアクティベートされたと知らせます"
+
+-#~ msgid "Path of group file sources."
+-#~ msgstr "グループファイルソースへのパス"
++#: src/util/util.h:94
++msgid "Informs that the responder has been dbus-activated"
++msgstr "レスポンダーが dbus でアクティベートされたと知らせます"
+diff --git a/po/sssd.pot b/po/sssd.pot
+index 04a6fb83f..83b388a02 100644
+--- a/po/sssd.pot
++++ b/po/sssd.pot
+@@ -8,7 +8,7 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+-"POT-Creation-Date: 2020-05-19 12:05+0200\n"
++"POT-Creation-Date: 2020-06-17 22:51+0200\n"
+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+ "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+ "Language-Team: LANGUAGE <LL@li.org>\n"
+@@ -17,6 +17,1801 @@ msgstr ""
+ "Content-Type: text/plain; charset=CHARSET\n"
+ "Content-Transfer-Encoding: 8bit\n"
+
++#: src/config/SSSDConfig/sssdoptions.py:20
++#: src/config/SSSDConfig/sssdoptions.py:21
++msgid "Set the verbosity of the debug logging"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:22
++msgid "Include timestamps in debug logs"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:23
++msgid "Include microseconds in timestamps in debug logs"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:24
++msgid "Write debug messages to logfiles"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:25
++msgid "Watchdog timeout before restarting service"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:26
++msgid "Command to start service"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:27
++msgid "Number of times to attempt connection to Data Providers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:28
++msgid "The number of file descriptors that may be opened by this responder"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:29
++msgid "Idle time before automatic disconnection of a client"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:30
++msgid "Idle time before automatic shutdown of the responder"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:31
++msgid "Always query all the caches before querying the Data Providers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:32
++msgid ""
++"When SSSD switches to offline mode the amount of time before it tries to go "
++"back online will increase based upon the time spent disconnected. This value "
++"is in seconds and calculated by the following: offline_timeout + "
++"random_offset."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:38
++msgid ""
++"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
++"version 2."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:39
++msgid "SSSD Services to start"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:40
++msgid "SSSD Domains to start"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:41
++msgid "Timeout for messages sent over the SBUS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:42
++msgid "Regex to parse username and domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:43
++msgid "Printf-compatible format for displaying fully-qualified names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:44
++msgid ""
++"Directory on the filesystem where SSSD should store Kerberos replay cache "
++"files."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:45
++msgid "Domain to add to names without a domain component."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:46
++msgid "The user to drop privileges to"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:47
++msgid "Tune certificate verification"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:48
++msgid "All spaces in group or user names will be replaced with this character"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:49
++msgid "Tune sssd to honor or ignore netlink state changes"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:50
++msgid "Enable or disable the implicit files domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:51
++msgid "A specific order of the domains to be looked up"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:52
++msgid ""
++"Controls if SSSD should monitor the state of resolv.conf to identify when it "
++"needs to update its internal DNS resolver."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:54
++msgid ""
++"SSSD monitors the state of resolv.conf to identify when it needs to update "
++"its internal DNS resolver. By default, we will attempt to use inotify for "
++"this, and will fall back to polling resolv.conf every five seconds if "
++"inotify cannot be used."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:59
++msgid "Enumeration cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:60
++msgid "Entry cache background update timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:61
++#: src/config/SSSDConfig/sssdoptions.py:112
++msgid "Negative cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:62
++msgid "Files negative cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:63
++msgid "Users that SSSD should explicitly ignore"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:64
++msgid "Groups that SSSD should explicitly ignore"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:65
++msgid "Should filtered users appear in groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:66
++msgid "The value of the password field the NSS provider should return"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:67
++msgid "Override homedir value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:68
++msgid ""
++"Substitute empty homedir value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:69
++msgid "Override shell value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:70
++msgid "The list of shells users are allowed to log in with"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:71
++msgid ""
++"The list of shells that will be vetoed, and replaced with the fallback shell"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:72
++msgid ""
++"If a shell stored in central directory is allowed but not available, use "
++"this fallback"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:73
++msgid "Shell to use if the provider does not list one"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:74
++msgid "How long will be in-memory cache records valid"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:75
++msgid ""
++"The value of this option will be used in the expansion of the "
++"override_homedir option if the template contains the format string %H."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:77
++msgid ""
++"Specifies time in seconds for which the list of subdomains will be "
++"considered valid."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:79
++msgid ""
++"The entry cache can be set to automatically update entries in the background "
++"if they are requested beyond a percentage of the entry_cache_timeout value "
++"for the domain."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:84
++msgid "How long to allow cached logins between online logins (days)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:85
++msgid "How many failed logins attempts are allowed when offline"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:87
++msgid ""
++"How long (minutes) to deny login after offline_failed_login_attempts has "
++"been reached"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:88
++msgid "What kind of messages are displayed to the user during authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:89
++msgid "Filter PAM responses sent to the pam_sss"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:90
++msgid "How many seconds to keep identity information cached for PAM requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:91
++msgid "How many days before password expiration a warning should be displayed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:92
++msgid "List of trusted uids or user's name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:93
++msgid "List of domains accessible even for untrusted users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:94
++msgid "Message printed when user account is expired."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:95
++msgid "Message printed when user account is locked."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:96
++msgid "Allow certificate based/Smartcard authentication."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:97
++msgid "Path to certificate database with PKCS#11 modules."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:98
++msgid "How many seconds will pam_sss wait for p11_child to finish"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:99
++msgid "Which PAM services are permitted to contact application domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:100
++msgid "Allowed services for using smartcards"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:101
++msgid "Additional timeout to wait for a card if requested"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:102
++msgid ""
++"PKCS#11 URI to restrict the selection of devices for Smartcard authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:103
++msgid "When shall the PAM responder force an initgroups request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:106
++msgid "Whether to evaluate the time-based attributes in sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:107
++msgid "If true, SSSD will switch back to lower-wins ordering logic"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:108
++msgid ""
++"Maximum number of rules that can be refreshed at once. If this is exceeded, "
++"full refresh is performed."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:115
++msgid "Whether to hash host names and addresses in the known_hosts file"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:116
++msgid ""
++"How many seconds to keep a host in the known_hosts file after its host keys "
++"were requested"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:118
++msgid "Path to storage of trusted CA certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:119
++msgid "Allow to generate ssh-keys from certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:120
++msgid ""
++"Use the following matching rules to filter the certificates for ssh-key "
++"generation"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:124
++msgid "List of UIDs or user names allowed to access the PAC responder"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:125
++msgid "How long the PAC data is considered valid"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:128
++msgid "List of user attributes the InfoPipe is allowed to publish"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:131
++msgid "The provider where the secrets will be stored in"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:132
++msgid "The maximum allowed number of nested containers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:133
++msgid "The maximum number of secrets that can be stored"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:134
++msgid "The maximum number of secrets that can be stored per UID"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:135
++msgid "The maximum payload size of a secret in kilobytes"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:137
++msgid "The URL Custodia server is listening on"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:138
++msgid "The method to use when authenticating to a Custodia server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:139
++msgid ""
++"The name of the headers that will be added into a HTTP request with the "
++"value defined in auth_header_value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:141
++msgid "The value sssd-secrets would use for auth_header_name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:142
++msgid ""
++"The list of the headers to forward to the Custodia server together with the "
++"request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:143
++msgid ""
++"The username to use when authenticating to a Custodia server using basic_auth"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:144
++msgid ""
++"The password to use when authenticating to a Custodia server using basic_auth"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:145
++msgid "If true peer's certificate is verified if proxy_url uses https protocol"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:146
++msgid ""
++"If false peer's certificate may contain different hostname than proxy_url "
++"when https protocol is used"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:148
++msgid "Path to directory where certificate authority certificates are stored"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:149
++msgid "Path to file containing server's CA certificate"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:150
++msgid "Path to file containing client's certificate"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:151
++msgid "Path to file containing client's private key"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:154
++msgid ""
++"One of the following strings specifying the scope of session recording: none "
++"- No users are recorded. some - Users/groups specified by users and groups "
++"options are recorded. all - All users are recorded."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:157
++msgid ""
++"A comma-separated list of users which should have session recording enabled. "
++"Matches user names as returned by NSS. I.e. after the possible space "
++"replacement, case changes, etc."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:159
++msgid ""
++"A comma-separated list of groups, members of which should have session "
++"recording enabled. Matches group names as returned by NSS. I.e. after the "
++"possible space replacement, case changes, etc."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:164
++msgid "Identity provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:165
++msgid "Authentication provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:166
++msgid "Access control provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:167
++msgid "Password change provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:168
++msgid "SUDO provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:169
++msgid "Autofs provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:170
++msgid "Host identity provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:171
++msgid "SELinux provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:172
++msgid "Session management provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:173
++msgid "Resolver provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:176
++msgid "Whether the domain is usable by the OS or by applications"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:177
++msgid "Minimum user ID"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:178
++msgid "Maximum user ID"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:179
++msgid "Enable enumerating all users/groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:180
++msgid "Cache credentials for offline login"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:181
++msgid "Display users/groups in fully-qualified form"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:182
++msgid "Don't include group members in group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:183
++#: src/config/SSSDConfig/sssdoptions.py:193
++#: src/config/SSSDConfig/sssdoptions.py:194
++#: src/config/SSSDConfig/sssdoptions.py:195
++#: src/config/SSSDConfig/sssdoptions.py:196
++#: src/config/SSSDConfig/sssdoptions.py:197
++#: src/config/SSSDConfig/sssdoptions.py:198
++#: src/config/SSSDConfig/sssdoptions.py:199
++msgid "Entry cache timeout length (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:184
++msgid ""
++"Restrict or prefer a specific address family when performing DNS lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:185
++msgid "How long to keep cached entries after last successful login (days)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:186
++msgid ""
++"How long should SSSD talk to single DNS server before trying next server "
++"(miliseconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:188
++msgid "How long should keep trying to resolve single DNS query (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:189
++msgid "How long to wait for replies from DNS when resolving servers (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:190
++msgid "The domain part of service discovery DNS query"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:191
++msgid "Override GID value from the identity provider with this value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:192
++msgid "Treat usernames as case sensitive"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:200
++msgid "How often should expired entries be refreshed in background"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:201
++msgid "Whether to automatically update the client's DNS entry"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:202
++#: src/config/SSSDConfig/sssdoptions.py:232
++msgid "The TTL to apply to the client's DNS entry after updating it"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:203
++#: src/config/SSSDConfig/sssdoptions.py:233
++msgid "The interface whose IP should be used for dynamic DNS updates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:204
++msgid "How often to periodically update the client's DNS entry"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:205
++msgid "Whether the provider should explicitly update the PTR record as well"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:206
++msgid "Whether the nsupdate utility should default to using TCP"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:207
++msgid "What kind of authentication should be used to perform the DNS update"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:208
++msgid "Override the DNS server used to perform the DNS update"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:209
++msgid "Control enumeration of trusted domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:210
++msgid "How often should subdomains list be refreshed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:211
++msgid "List of options that should be inherited into a subdomain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:212
++msgid "Default subdomain homedir value"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:213
++msgid "How long can cached credentials be used for cached authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:214
++msgid "Whether to automatically create private groups for users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:215
++msgid "Display a warning N days before the password expires."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:216
++msgid ""
++"Various tags stored by the realmd configuration service for this domain."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:217
++msgid ""
++"The provider which should handle fetching of subdomains. This value should "
++"be always the same as id_provider."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:219
++msgid ""
++"How many seconds to keep a host ssh key after refresh. IE how long to cache "
++"the host key for."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:221
++msgid ""
++"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
++"this value determines the minimal length the first authentication factor "
++"(long term password) must have to be saved as SHA512 hash into the cache."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:227
++msgid "IPA domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:228
++msgid "IPA server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:229
++msgid "Address of backup IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:230
++msgid "IPA client hostname"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:231
++msgid "Whether to automatically update the client's DNS entry in FreeIPA"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:234
++msgid "Search base for HBAC related objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:235
++msgid ""
++"The amount of time between lookups of the HBAC rules against the IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:236
++msgid ""
++"The amount of time in seconds between lookups of the SELinux maps against "
++"the IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:238
++msgid "If set to false, host argument given by PAM will be ignored"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:239
++msgid "The automounter location this IPA client is using"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:240
++msgid "Search base for object containing info about IPA domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:241
++msgid "Search base for objects containing info about ID ranges"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:242
++#: src/config/SSSDConfig/sssdoptions.py:296
++msgid "Enable DNS sites - location based service discovery"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:243
++msgid "Search base for view containers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:244
++msgid "Objectclass for view containers"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:245
++msgid "Attribute with the name of the view"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:246
++msgid "Objectclass for override objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:247
++msgid "Attribute with the reference to the original object"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:248
++msgid "Objectclass for user override objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:249
++msgid "Objectclass for group override objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:250
++msgid "Search base for Desktop Profile related objects"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:251
++msgid ""
++"The amount of time in seconds between lookups of the Desktop Profile rules "
++"against the IPA server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:253
++msgid ""
++"The amount of time in minutes between lookups of Desktop Profiles rules "
++"against the IPA server when the last request did not find any rule"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:256
++msgid "The LDAP attribute that contains FQDN of the host."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:257
++#: src/config/SSSDConfig/sssdoptions.py:280
++msgid "The object class of a host entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:258
++msgid "Use the given string as search base for host objects."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:259
++msgid "The LDAP attribute that contains the host's SSH public keys."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:260
++msgid "The LDAP attribute that contains NIS domain name of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:261
++msgid "The LDAP attribute that contains the names of the netgroup's members."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:262
++msgid ""
++"The LDAP attribute that lists FQDNs of hosts and host groups that are "
++"members of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:264
++msgid ""
++"The LDAP attribute that lists hosts and host groups that are direct members "
++"of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:266
++msgid "The LDAP attribute that lists netgroup's memberships."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:267
++msgid ""
++"The LDAP attribute that lists system users and groups that are direct "
++"members of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:269
++msgid "The LDAP attribute that corresponds to the netgroup name."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:270
++msgid "The object class of a netgroup entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:271
++msgid ""
++"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:272
++msgid ""
++"The LDAP attribute that contains whether or not is user map enabled for "
++"usage."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:274
++msgid "The LDAP attribute that contains host category such as 'all'."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:275
++msgid ""
++"The LDAP attribute that contains all hosts / hostgroups this rule match "
++"against."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:277
++msgid ""
++"The LDAP attribute that contains all users / groups this rule match against."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:279
++msgid "The LDAP attribute that contains the name of SELinux usermap."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:281
++msgid ""
++"The LDAP attribute that contains DN of HBAC rule which can be used for "
++"matching instead of memberUser and memberHost."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:283
++msgid "The LDAP attribute that contains SELinux user string itself."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:284
++msgid "The LDAP attribute that contains user category such as 'all'."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:285
++msgid "The LDAP attribute that contains unique ID of the user map."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:286
++msgid ""
++"The option denotes that the SSSD is running on IPA server and should perform "
++"lookups of users and groups from trusted domains differently."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:288
++msgid "Use the given string as search base for trusted domains."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:291
++msgid "Active Directory domain"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:292
++msgid "Enabled Active Directory domains"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:293
++msgid "Active Directory server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:294
++msgid "Active Directory backup server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:295
++msgid "Active Directory client hostname"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:297
++#: src/config/SSSDConfig/sssdoptions.py:488
++msgid "LDAP filter to determine access privileges"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:298
++msgid "Whether to use the Global Catalog for lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:299
++msgid "Operation mode for GPO-based access control"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:300
++msgid ""
++"The amount of time between lookups of the GPO policy files against the AD "
++"server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:301
++msgid ""
++"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
++"settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:303
++msgid ""
++"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
++"policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:305
++msgid ""
++"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:306
++msgid ""
++"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:307
++msgid ""
++"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:308
++msgid "PAM service names for which GPO-based access is always granted"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:309
++msgid "PAM service names for which GPO-based access is always denied"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:310
++msgid ""
++"Default logon right (or permit/deny) to use for unmapped PAM service names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:311
++msgid "a particular site to be used by the client"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:312
++msgid ""
++"Maximum age in days before the machine account password should be renewed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:314
++msgid "Option for tuning the machine account renewal task"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:315
++msgid "Whether to update the machine account password in the Samba database"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:317
++msgid "Use LDAPS port for LDAP and Global Catalog requests"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:320
++#: src/config/SSSDConfig/sssdoptions.py:321
++msgid "Kerberos server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:322
++msgid "Kerberos backup server address"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:323
++msgid "Kerberos realm"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:324
++msgid "Authentication timeout"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:325
++msgid "Whether to create kdcinfo files"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:326
++msgid "Where to drop krb5 config snippets"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:329
++msgid "Directory to store credential caches"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:330
++msgid "Location of the user's credential cache"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:331
++msgid "Location of the keytab to validate credentials"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:332
++msgid "Enable credential validation"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:333
++msgid "Store password if offline for later online authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:334
++msgid "Renewable lifetime of the TGT"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:335
++msgid "Lifetime of the TGT"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:336
++msgid "Time between two checks for renewal"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:337
++msgid "Enables FAST"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:338
++msgid "Selects the principal to use for FAST"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:339
++msgid "Enables principal canonicalization"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:340
++msgid "Enables enterprise principals"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:341
++msgid "A mapping from user names to Kerberos principal names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:344
++#: src/config/SSSDConfig/sssdoptions.py:345
++msgid "Server where the change password service is running if not on the KDC"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:348
++msgid "ldap_uri, The URI of the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:349
++msgid "ldap_backup_uri, The URI of the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:350
++msgid "The default base DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:351
++msgid "The Schema Type in use on the LDAP server, rfc2307"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:352
++msgid "Mode used to change user password"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:353
++msgid "The default bind DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:354
++msgid "The type of the authentication token of the default bind DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:355
++msgid "The authentication token of the default bind DN"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:356
++msgid "Length of time to attempt connection"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:357
++msgid "Length of time to attempt synchronous LDAP operations"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:358
++msgid "Length of time between attempts to reconnect while offline"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:359
++msgid "Use only the upper case for realm names"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:360
++msgid "File that contains CA certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:361
++msgid "Path to CA certificate directory"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:362
++msgid "File that contains the client certificate"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:363
++msgid "File that contains the client key"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:364
++msgid "List of possible ciphers suites"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:365
++msgid "Require TLS certificate verification"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:366
++msgid "Specify the sasl mechanism to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:367
++msgid "Specify the sasl authorization id to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:368
++msgid "Specify the sasl authorization realm to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:369
++msgid "Specify the minimal SSF for LDAP sasl authorization"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:370
++msgid "Specify the maximal SSF for LDAP sasl authorization"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:371
++msgid "Kerberos service keytab"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:372
++msgid "Use Kerberos auth for LDAP connection"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:373
++msgid "Follow LDAP referrals"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:374
++msgid "Lifetime of TGT for LDAP connection"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:375
++msgid "How to dereference aliases"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:376
++msgid "Service name for DNS service lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:377
++msgid "The number of records to retrieve in a single LDAP query"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:378
++msgid "The number of members that must be missing to trigger a full deref"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:379
++msgid ""
++"Whether the LDAP library should perform a reverse lookup to canonicalize the "
++"host name during a SASL bind"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:381
++msgid ""
++"Allows to retain local users as members of an LDAP group for servers that "
++"use the RFC2307 schema."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:384
++msgid "entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:385
++msgid "lastUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:387
++msgid "How long to retain a connection to the LDAP server before disconnecting"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:390
++msgid "Disable the LDAP paging control"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:391
++msgid "Disable Active Directory range retrieval"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:394
++msgid "Length of time to wait for a search request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:395
++msgid "Length of time to wait for a enumeration request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:396
++msgid "Length of time between enumeration updates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:397
++msgid "Length of time between cache cleanups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:398
++msgid "Require TLS for ID lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:399
++msgid "Use ID-mapping of objectSID instead of pre-set IDs"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:400
++msgid "Base DN for user lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:401
++msgid "Scope of user lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:402
++msgid "Filter for user lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:403
++msgid "Objectclass for users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:404
++msgid "Username attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:405
++msgid "UID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:406
++msgid "Primary GID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:407
++msgid "GECOS attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:408
++msgid "Home directory attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:409
++msgid "Shell attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:410
++msgid "UUID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:411
++#: src/config/SSSDConfig/sssdoptions.py:449
++msgid "objectSID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:412
++msgid "Active Directory primary group attribute for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:413
++msgid "User principal attribute (for Kerberos)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:414
++msgid "Full Name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:415
++msgid "memberOf attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:416
++msgid "Modification time attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:417
++msgid "shadowLastChange attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:418
++msgid "shadowMin attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:419
++msgid "shadowMax attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:420
++msgid "shadowWarning attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:421
++msgid "shadowInactive attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:422
++msgid "shadowExpire attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:423
++msgid "shadowFlag attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:424
++msgid "Attribute listing authorized PAM services"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:425
++msgid "Attribute listing authorized server hosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:426
++msgid "Attribute listing authorized server rhosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:427
++msgid "krbLastPwdChange attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:428
++msgid "krbPasswordExpiration attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:429
++msgid "Attribute indicating that server side password policies are active"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:430
++msgid "accountExpires attribute of AD"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:431
++msgid "userAccountControl attribute of AD"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:432
++msgid "nsAccountLock attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:433
++msgid "loginDisabled attribute of NDS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:434
++msgid "loginExpirationTime attribute of NDS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:435
++msgid "loginAllowedTimeMap attribute of NDS"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:436
++msgid "SSH public key attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:437
++msgid "attribute listing allowed authentication types for a user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:438
++msgid "attribute containing the X509 certificate of the user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:439
++msgid "attribute containing the email address of the user"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:440
++msgid "A list of extra attributes to download along with the user entry"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:442
++msgid "Base DN for group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:443
++msgid "Objectclass for groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:444
++msgid "Group name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:445
++msgid "Group password"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:446
++msgid "GID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:447
++msgid "Group member attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:448
++msgid "Group UUID attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:450
++msgid "Modification time attribute for groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:451
++msgid "Type of the group and other flags"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:452
++msgid "The LDAP group external member attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:453
++msgid "Maximum nesting level SSSD will follow"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:454
++msgid "Filter for group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:455
++msgid "Scope of group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:457
++msgid "Base DN for netgroup lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:458
++msgid "Objectclass for netgroups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:459
++msgid "Netgroup name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:460
++msgid "Netgroups members attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:461
++msgid "Netgroup triple attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:462
++msgid "Modification time attribute for netgroups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:464
++msgid "Base DN for service lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:465
++msgid "Objectclass for services"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:466
++msgid "Service name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:467
++msgid "Service port attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:468
++msgid "Service protocol attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:470
++msgid "Lower bound for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:471
++msgid "Upper bound for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:472
++msgid "Number of IDs for each slice when ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:473
++msgid "Use autorid-compatible algorithm for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:474
++msgid "Name of the default domain for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:475
++msgid "SID of the default domain for ID-mapping"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:476
++msgid "Number of secondary slices"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:478
++msgid "Whether to use Token-Groups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:479
++msgid "Set lower boundary for allowed IDs from the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:480
++msgid "Set upper boundary for allowed IDs from the LDAP server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:481
++msgid "DN for ppolicy queries"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:482
++msgid "How many maximum entries to fetch during a wildcard request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:485
++msgid "Policy to evaluate the password expiration"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:489
++msgid "Which attributes shall be used to evaluate if an account is expired"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:490
++msgid "Which rules should be used to evaluate access control"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:493
++msgid "URI of an LDAP server where password changes are allowed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:494
++msgid "URI of a backup LDAP server where password changes are allowed"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:495
++msgid "DNS service name for LDAP password change server"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:496
++msgid ""
++"Whether to update the ldap_user_shadow_last_change attribute after a "
++"password change"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:500
++msgid "Base DN for sudo rules lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:501
++msgid "Automatic full refresh period"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:502
++msgid "Automatic smart refresh period"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:503
++msgid "Whether to filter rules by hostname, IP addresses and network"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:504
++msgid ""
++"Hostnames and/or fully qualified domain names of this machine to filter sudo "
++"rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:505
++msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:506
++msgid "Whether to include rules that contains netgroup in host attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:507
++msgid ""
++"Whether to include rules that contains regular expression in host attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:508
++msgid "Object class for sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:509
++msgid "Name of attribute that is used as object class for sudo rules"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:510
++msgid "Sudo rule name"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:511
++msgid "Sudo rule command attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:512
++msgid "Sudo rule host attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:513
++msgid "Sudo rule user attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:514
++msgid "Sudo rule option attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:515
++msgid "Sudo rule runas attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:516
++msgid "Sudo rule runasuser attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:517
++msgid "Sudo rule runasgroup attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:518
++msgid "Sudo rule notbefore attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:519
++msgid "Sudo rule notafter attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:520
++msgid "Sudo rule order attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:523
++msgid "Object class for automounter maps"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:524
++msgid "Automounter map name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:525
++msgid "Object class for automounter map entries"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:526
++msgid "Automounter map entry key attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:527
++msgid "Automounter map entry value attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:528
++msgid "Base DN for automounter map lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:529
++msgid "The name of the automount master map in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:532
++msgid "Base DN for IP hosts lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:533
++msgid "Object class for IP hosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:534
++msgid "IP host name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:535
++msgid "IP host number (address) attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:536
++msgid "IP host entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:537
++msgid "Base DN for IP networks lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:538
++msgid "Object class for IP networks"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:539
++msgid "IP network name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:540
++msgid "IP network number (address) attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:541
++msgid "IP network entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:544
++msgid "Comma separated list of allowed users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:545
++msgid "Comma separated list of prohibited users"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:546
++msgid ""
++"Comma separated list of groups that are allowed to log in. This applies only "
++"to groups within this SSSD domain. Local groups are not evaluated."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:548
++msgid ""
++"Comma separated list of groups that are explicitly denied access. This "
++"applies only to groups within this SSSD domain. Local groups are not "
++"evaluated."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:552
++msgid "Base for home directories"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:553
++msgid "Indicate if a home directory should be created for new users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:554
++msgid "Indicate if a home directory should be removed for deleted users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:555
++msgid "Specify the default permissions on a newly created home directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:556
++msgid "The skeleton directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:557
++msgid "The mail spool directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:558
++msgid "The command that is run after a user is removed."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:561
++msgid "The number of preforked proxy children."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:564
++msgid "The name of the NSS library to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:565
++msgid "The name of the NSS library to use for hosts and networks lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:566
++msgid "Whether to look up canonical group name from cache if possible"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:569
++msgid "PAM stack to use"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:572
++msgid "Path of passwd file sources."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:573
++msgid "Path of group file sources."
++msgstr ""
++
+ #: src/monitor/monitor.c:2371
+ msgid "Become a daemon (default)"
+ msgstr ""
+@@ -29,7 +1824,8 @@ msgstr ""
+ msgid "Disable netlink interface"
+ msgstr ""
+
+-#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
++#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
++#: src/tools/sssctl/sssctl_logs.c:310
+ msgid "Specify a non-default config file"
+ msgstr ""
+
+@@ -145,88 +1941,88 @@ msgstr ""
+ msgid "Permission denied. "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
+-#: src/sss_client/pam_sss.c:790
++#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
++#: src/sss_client/pam_sss.c:792
+ msgid "Server message: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:297
++#: src/sss_client/pam_sss.c:299
+ msgid "Passwords do not match"
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:485
++#: src/sss_client/pam_sss.c:487
+ msgid "Password reset by root is not supported."
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:526
++#: src/sss_client/pam_sss.c:528
+ msgid "Authenticated with cached credentials"
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:527
++#: src/sss_client/pam_sss.c:529
+ msgid ", your cached password will expire at: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:557
++#: src/sss_client/pam_sss.c:559
+ #, c-format
+ msgid "Your password has expired. You have %1$d grace login(s) remaining."
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:603
++#: src/sss_client/pam_sss.c:605
+ #, c-format
+ msgid "Your password will expire in %1$d %2$s."
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:652
++#: src/sss_client/pam_sss.c:654
+ msgid "Authentication is denied until: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:673
++#: src/sss_client/pam_sss.c:675
+ msgid "System is offline, password change not possible"
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:688
++#: src/sss_client/pam_sss.c:690
+ msgid ""
+ "After changing the OTP password, you need to log out and back in order to "
+ "acquire a ticket"
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
++#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
+ msgid "Password change failed. "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2008
++#: src/sss_client/pam_sss.c:2015
+ msgid "New Password: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2009
++#: src/sss_client/pam_sss.c:2016
+ msgid "Reenter new Password: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
++#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
+ msgid "First Factor: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
++#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
+ msgid "Second Factor (optional): "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
++#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
+ msgid "Second Factor: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2190
++#: src/sss_client/pam_sss.c:2200
+ msgid "Password: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
++#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
+ msgid "First Factor (Current Password): "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2349
++#: src/sss_client/pam_sss.c:2359
+ msgid "Current Password: "
+ msgstr ""
+
+-#: src/sss_client/pam_sss.c:2704
++#: src/sss_client/pam_sss.c:2714
+ msgid "Password expired. Change your password now."
+ msgstr ""
+
+@@ -901,51 +2697,51 @@ msgstr ""
+ msgid "Search by group ID"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:70
++#: src/tools/sssctl/sssctl_config.c:112
+ #, c-format
+ msgid "Failed to open %s\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:75
++#: src/tools/sssctl/sssctl_config.c:117
+ #, c-format
+ msgid "File %1$s does not exist.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:79
++#: src/tools/sssctl/sssctl_config.c:121
+ msgid ""
+ "File ownership and permissions check failed. Expected root:root and 0600.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:85
++#: src/tools/sssctl/sssctl_config.c:127
+ #, c-format
+ msgid "Failed to load configuration from %s.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:91
++#: src/tools/sssctl/sssctl_config.c:133
+ msgid "Error while reading configuration directory.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:99
++#: src/tools/sssctl/sssctl_config.c:141
+ msgid ""
+ "There is no configuration. SSSD will use default configuration with files "
+ "provider.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:111
++#: src/tools/sssctl/sssctl_config.c:153
+ msgid "Failed to run validators"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:115
++#: src/tools/sssctl/sssctl_config.c:157
+ #, c-format
+ msgid "Issues identified by validators: %zu\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:126
++#: src/tools/sssctl/sssctl_config.c:168
+ #, c-format
+ msgid "Messages generated during configuration merging: %zu\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:137
++#: src/tools/sssctl/sssctl_config.c:179
+ #, c-format
+ msgid "Used configuration snippet files: %zu\n"
+ msgstr ""
+diff --git a/po/zh_CN.po b/po/zh_CN.po
+index 44579e70f..892f81453 100644
+--- a/po/zh_CN.po
++++ b/po/zh_CN.po
+@@ -4,41 +4,1845 @@
+ #
+ # Translators:
+ # Christopher Meng <cickumqt@gmail.com>, 2012
++# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+-"POT-Creation-Date: 2020-05-19 12:05+0200\n"
+-"PO-Revision-Date: 2014-12-14 11:50+0000\n"
++"POT-Creation-Date: 2020-06-17 22:51+0200\n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=UTF-8\n"
++"Content-Transfer-Encoding: 8bit\n"
++"PO-Revision-Date: 2020-06-18 09:05+0000\n"
+ "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+ "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
+ "language/zh_CN/)\n"
+ "Language: zh_CN\n"
+-"MIME-Version: 1.0\n"
+-"Content-Type: text/plain; charset=UTF-8\n"
+-"Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=1; plural=0;\n"
+ "X-Generator: Zanata 4.6.2\n"
+
++#: src/config/SSSDConfig/sssdoptions.py:20
++#: src/config/SSSDConfig/sssdoptions.py:21
++msgid "Set the verbosity of the debug logging"
++msgstr "设定调试日志记录等级"
++
++#: src/config/SSSDConfig/sssdoptions.py:22
++msgid "Include timestamps in debug logs"
++msgstr "在调试日志中包含时间戳"
++
++#: src/config/SSSDConfig/sssdoptions.py:23
++msgid "Include microseconds in timestamps in debug logs"
++msgstr "在调试日志中的时间戳中包含微秒"
++
++#: src/config/SSSDConfig/sssdoptions.py:24
++msgid "Write debug messages to logfiles"
++msgstr "写入调试信息到日志文件"
++
++#: src/config/SSSDConfig/sssdoptions.py:25
++msgid "Watchdog timeout before restarting service"
++msgstr "重新启动服务前 Watchdog 超时"
++
++#: src/config/SSSDConfig/sssdoptions.py:26
++msgid "Command to start service"
++msgstr "启动服务命令"
++
++#: src/config/SSSDConfig/sssdoptions.py:27
++msgid "Number of times to attempt connection to Data Providers"
++msgstr "试图连接到 Data Providers 的次数"
++
++#: src/config/SSSDConfig/sssdoptions.py:28
++msgid "The number of file descriptors that may be opened by this responder"
++msgstr "可能会被该响应者打开的文件描述符的数量"
++
++#: src/config/SSSDConfig/sssdoptions.py:29
++msgid "Idle time before automatic disconnection of a client"
++msgstr "客户端自动断开连接之前的空闲时间"
++
++#: src/config/SSSDConfig/sssdoptions.py:30
++msgid "Idle time before automatic shutdown of the responder"
++msgstr "自动关闭响应者之前的空闲时间"
++
++#: src/config/SSSDConfig/sssdoptions.py:31
++msgid "Always query all the caches before querying the Data Providers"
++msgstr "在查询 Data Providers 之前,始终查询所有缓存"
++
++#: src/config/SSSDConfig/sssdoptions.py:32
++msgid ""
++"When SSSD switches to offline mode the amount of time before it tries to go "
++"back online will increase based upon the time spent disconnected. This value "
++"is in seconds and calculated by the following: offline_timeout + "
++"random_offset."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:38
++msgid ""
++"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
++"version 2."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:39
++msgid "SSSD Services to start"
++msgstr "SSSD 服务启动"
++
++#: src/config/SSSDConfig/sssdoptions.py:40
++msgid "SSSD Domains to start"
++msgstr "SSSD 域启动"
++
++#: src/config/SSSDConfig/sssdoptions.py:41
++msgid "Timeout for messages sent over the SBUS"
++msgstr "通过 SBUS 发送的消息超时"
++
++#: src/config/SSSDConfig/sssdoptions.py:42
++msgid "Regex to parse username and domain"
++msgstr "正则表达式解析用户名和域"
++
++#: src/config/SSSDConfig/sssdoptions.py:43
++msgid "Printf-compatible format for displaying fully-qualified names"
++msgstr "兼容 Printf 的格式用于显示完全限定名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:44
++msgid ""
++"Directory on the filesystem where SSSD should store Kerberos replay cache "
++"files."
++msgstr "SSSD 应该在其中存储 Kerberos 重放缓存文件的文件系统上的目录。"
++
++#: src/config/SSSDConfig/sssdoptions.py:45
++msgid "Domain to add to names without a domain component."
++msgstr "要添加到名称中的域,没有域组件。"
++
++#: src/config/SSSDConfig/sssdoptions.py:46
++msgid "The user to drop privileges to"
++msgstr "放弃特权的用户"
++
++#: src/config/SSSDConfig/sssdoptions.py:47
++msgid "Tune certificate verification"
++msgstr "调整证书验证"
++
++#: src/config/SSSDConfig/sssdoptions.py:48
++msgid "All spaces in group or user names will be replaced with this character"
++msgstr "组或用户名中的所有空格都将替换为该字符"
++
++#: src/config/SSSDConfig/sssdoptions.py:49
++msgid "Tune sssd to honor or ignore netlink state changes"
++msgstr "调整 sssd 来接受或忽略 netlink 状态更改"
++
++#: src/config/SSSDConfig/sssdoptions.py:50
++msgid "Enable or disable the implicit files domain"
++msgstr "启用或禁用隐式文件域"
++
++#: src/config/SSSDConfig/sssdoptions.py:51
++msgid "A specific order of the domains to be looked up"
++msgstr "要查询的域的特定顺序"
++
++#: src/config/SSSDConfig/sssdoptions.py:52
++msgid ""
++"Controls if SSSD should monitor the state of resolv.conf to identify when it "
++"needs to update its internal DNS resolver."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:54
++msgid ""
++"SSSD monitors the state of resolv.conf to identify when it needs to update "
++"its internal DNS resolver. By default, we will attempt to use inotify for "
++"this, and will fall back to polling resolv.conf every five seconds if "
++"inotify cannot be used."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:59
++msgid "Enumeration cache timeout length (seconds)"
++msgstr "枚举缓存超时时间(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:60
++msgid "Entry cache background update timeout length (seconds)"
++msgstr "条目缓存后台更新超时时间(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:61
++#: src/config/SSSDConfig/sssdoptions.py:112
++msgid "Negative cache timeout length (seconds)"
++msgstr "负缓存超时时间(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:62
++msgid "Files negative cache timeout length (seconds)"
++msgstr "文件负缓存超时时间(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:63
++msgid "Users that SSSD should explicitly ignore"
++msgstr "SSSD 应该明确忽略的用户"
++
++#: src/config/SSSDConfig/sssdoptions.py:64
++msgid "Groups that SSSD should explicitly ignore"
++msgstr "SSSD 应该明确忽略的组"
++
++#: src/config/SSSDConfig/sssdoptions.py:65
++msgid "Should filtered users appear in groups"
++msgstr "出现在组中的应将过滤的用户"
++
++#: src/config/SSSDConfig/sssdoptions.py:66
++msgid "The value of the password field the NSS provider should return"
++msgstr "NSS 提供程序应返回的密码字段的值"
++
++#: src/config/SSSDConfig/sssdoptions.py:67
++msgid "Override homedir value from the identity provider with this value"
++msgstr "使用此值覆盖来自身份提供者的 homedir 值"
++
++#: src/config/SSSDConfig/sssdoptions.py:68
++msgid ""
++"Substitute empty homedir value from the identity provider with this value"
++msgstr "使用此值替换来自身份提供者的空的 homedir 值"
++
++#: src/config/SSSDConfig/sssdoptions.py:69
++msgid "Override shell value from the identity provider with this value"
++msgstr "使用此值覆盖来自身份提供者的 shell 值"
++
++#: src/config/SSSDConfig/sssdoptions.py:70
++msgid "The list of shells users are allowed to log in with"
++msgstr "允许进行登陆的 shell 用户列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:71
++msgid ""
++"The list of shells that will be vetoed, and replaced with the fallback shell"
++msgstr "将被否决并替换为后备 shell 的 shell 列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:72
++msgid ""
++"If a shell stored in central directory is allowed but not available, use "
++"this fallback"
++msgstr "如果允许使用存储在中央目录中的 shell 但并不存在,使用这个后备"
++
++#: src/config/SSSDConfig/sssdoptions.py:73
++msgid "Shell to use if the provider does not list one"
++msgstr "如果提供程序未列出,则使用这个 shell"
++
++#: src/config/SSSDConfig/sssdoptions.py:74
++msgid "How long will be in-memory cache records valid"
++msgstr "内存缓存记录有效期的长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:75
++msgid ""
++"The value of this option will be used in the expansion of the "
++"override_homedir option if the template contains the format string %H."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:77
++msgid ""
++"Specifies time in seconds for which the list of subdomains will be "
++"considered valid."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:79
++msgid ""
++"The entry cache can be set to automatically update entries in the background "
++"if they are requested beyond a percentage of the entry_cache_timeout value "
++"for the domain."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:84
++msgid "How long to allow cached logins between online logins (days)"
++msgstr "在线登录间隔多长时间内允许使用缓存的登录(以天为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:85
++msgid "How many failed logins attempts are allowed when offline"
++msgstr "离线时允许多少次失败的登录尝试"
++
++#: src/config/SSSDConfig/sssdoptions.py:87
++msgid ""
++"How long (minutes) to deny login after offline_failed_login_attempts has "
++"been reached"
++msgstr "当达到 offline_failed_login_attempts 之后多长时间要拒绝登录(以分钟为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:88
++msgid "What kind of messages are displayed to the user during authentication"
++msgstr "在身份验证期间向用户显示什么信息"
++
++#: src/config/SSSDConfig/sssdoptions.py:89
++msgid "Filter PAM responses sent to the pam_sss"
++msgstr "过滤发送到 pam_sss 的 PAM 响应"
++
++#: src/config/SSSDConfig/sssdoptions.py:90
++msgid "How many seconds to keep identity information cached for PAM requests"
++msgstr "为 PAM 请求保留多长时间的身份信息缓存(以秒为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:91
++msgid "How many days before password expiration a warning should be displayed"
++msgstr "在密码过期前几天应显示警告信息"
++
++#: src/config/SSSDConfig/sssdoptions.py:92
++msgid "List of trusted uids or user's name"
++msgstr "受信任的 uid 或用户名列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:93
++msgid "List of domains accessible even for untrusted users."
++msgstr "即使不受信任的用户也可以访问的域列表。"
++
++#: src/config/SSSDConfig/sssdoptions.py:94
++msgid "Message printed when user account is expired."
++msgstr "当用户帐户过期时显示的消息。"
++
++#: src/config/SSSDConfig/sssdoptions.py:95
++msgid "Message printed when user account is locked."
++msgstr "当用户帐户被锁住时显示的消息。"
++
++#: src/config/SSSDConfig/sssdoptions.py:96
++msgid "Allow certificate based/Smartcard authentication."
++msgstr "允许基于证书/智能卡的身份验证。"
++
++#: src/config/SSSDConfig/sssdoptions.py:97
++msgid "Path to certificate database with PKCS#11 modules."
++msgstr "带有 PKCS#11 模块的证书数据库的路径。"
++
++#: src/config/SSSDConfig/sssdoptions.py:98
++msgid "How many seconds will pam_sss wait for p11_child to finish"
++msgstr "pam_sss 等待 p11_child 完成的时间(以秒为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:99
++msgid "Which PAM services are permitted to contact application domains"
++msgstr "允许哪些 PAM 服务联系应用程序域"
++
++#: src/config/SSSDConfig/sssdoptions.py:100
++msgid "Allowed services for using smartcards"
++msgstr "允许服务使用智能卡"
++
++#: src/config/SSSDConfig/sssdoptions.py:101
++msgid "Additional timeout to wait for a card if requested"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:102
++msgid ""
++"PKCS#11 URI to restrict the selection of devices for Smartcard "
++"authentication"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:103
++msgid "When shall the PAM responder force an initgroups request"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:106
++msgid "Whether to evaluate the time-based attributes in sudo rules"
++msgstr "是否在 sudo 规则中评估基于时间的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:107
++msgid "If true, SSSD will switch back to lower-wins ordering logic"
++msgstr "如果为 true,SSSD 将切换回 lower-wins ordering 逻辑"
++
++#: src/config/SSSDConfig/sssdoptions.py:108
++msgid ""
++"Maximum number of rules that can be refreshed at once. If this is exceeded, "
++"full refresh is performed."
++msgstr "一次可以刷新的最大规则数。如果超出此范围,则执行完全刷新。"
++
++#: src/config/SSSDConfig/sssdoptions.py:115
++msgid "Whether to hash host names and addresses in the known_hosts file"
++msgstr "在 known_hosts 文件中是否对主机名和地址进行哈希处理"
++
++#: src/config/SSSDConfig/sssdoptions.py:116
++msgid ""
++"How many seconds to keep a host in the known_hosts file after its host keys "
++"were requested"
++msgstr "当请求了它的主机密钥后,将主机保留在 known_hosts 文件中的时间(以秒为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:118
++msgid "Path to storage of trusted CA certificates"
++msgstr "到可信 CA 证书存储的路径"
++
++#: src/config/SSSDConfig/sssdoptions.py:119
++msgid "Allow to generate ssh-keys from certificates"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:120
++msgid ""
++"Use the following matching rules to filter the certificates for ssh-key "
++"generation"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:124
++msgid "List of UIDs or user names allowed to access the PAC responder"
++msgstr "允许访问 PAC 响应者的 UID 或用户名列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:125
++msgid "How long the PAC data is considered valid"
++msgstr "PAC 数据被视为有效的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:128
++msgid "List of user attributes the InfoPipe is allowed to publish"
++msgstr "允许 InfoPipe 发布的用户属性列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:131
++msgid "The provider where the secrets will be stored in"
++msgstr "存储 secret 的提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:132
++msgid "The maximum allowed number of nested containers"
++msgstr "允许嵌套的最大容器数量"
++
++#: src/config/SSSDConfig/sssdoptions.py:133
++msgid "The maximum number of secrets that can be stored"
++msgstr "可以存储的最大 secret 数量"
++
++#: src/config/SSSDConfig/sssdoptions.py:134
++msgid "The maximum number of secrets that can be stored per UID"
++msgstr "每个 UID 可以存储的最大 secret 数量"
++
++#: src/config/SSSDConfig/sssdoptions.py:135
++msgid "The maximum payload size of a secret in kilobytes"
++msgstr "一个 secret 的最大有效负载的大小(以千字节为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:137
++msgid "The URL Custodia server is listening on"
++msgstr "正在侦听的 URL Custodia 服务器"
++
++#: src/config/SSSDConfig/sssdoptions.py:138
++msgid "The method to use when authenticating to a Custodia server"
++msgstr "当向 Custodia 服务器进行身份验证时使用的方法"
++
++#: src/config/SSSDConfig/sssdoptions.py:139
++msgid ""
++"The name of the headers that will be added into a HTTP request with the "
++"value defined in auth_header_value"
++msgstr "将使用 auth_header_value 中定义的值添加到 HTTP 请求中的标头名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:141
++msgid "The value sssd-secrets would use for auth_header_name"
++msgstr "用于 auth_header_name 的 sssd-secrets 值"
++
++#: src/config/SSSDConfig/sssdoptions.py:142
++msgid ""
++"The list of the headers to forward to the Custodia server together with the "
++"request"
++msgstr "与请求一起转发到 Custodia 服务器的标头列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:143
++msgid ""
++"The username to use when authenticating to a Custodia server using "
++"basic_auth"
++msgstr "当向使用 basic_auth 的 Custodia 服务器进行身份验证时使用的用户名"
++
++#: src/config/SSSDConfig/sssdoptions.py:144
++msgid ""
++"The password to use when authenticating to a Custodia server using "
++"basic_auth"
++msgstr "当向使用 basic_auth 的 Custodia 服务器进行身份验证时使用的密码"
++
++#: src/config/SSSDConfig/sssdoptions.py:145
++msgid ""
++"If true peer's certificate is verified if proxy_url uses https protocol"
++msgstr "如果 proxy_url 使用 https 协议,是否验证真实的对等方的证书"
++
++#: src/config/SSSDConfig/sssdoptions.py:146
++msgid ""
++"If false peer's certificate may contain different hostname than proxy_url "
++"when https protocol is used"
++msgstr "使用 https 协议时,错误的对等方证书的主机名可能与 proxy_url 不同"
++
++#: src/config/SSSDConfig/sssdoptions.py:148
++msgid "Path to directory where certificate authority certificates are stored"
++msgstr "证书颁发机构证书存储目录的路径"
++
++#: src/config/SSSDConfig/sssdoptions.py:149
++msgid "Path to file containing server's CA certificate"
++msgstr "包含服务器 CA 证书的文件的路径"
++
++#: src/config/SSSDConfig/sssdoptions.py:150
++msgid "Path to file containing client's certificate"
++msgstr "包含客户端证书的文件的路径"
++
++#: src/config/SSSDConfig/sssdoptions.py:151
++msgid "Path to file containing client's private key"
++msgstr "包含客户端私钥的文件的路径"
++
++#: src/config/SSSDConfig/sssdoptions.py:154
++msgid ""
++"One of the following strings specifying the scope of session recording: none "
++"- No users are recorded. some - Users/groups specified by users and groups "
++"options are recorded. all - All users are recorded."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:157
++msgid ""
++"A comma-separated list of users which should have session recording enabled. "
++"Matches user names as returned by NSS. I.e. after the possible space "
++"replacement, case changes, etc."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:159
++msgid ""
++"A comma-separated list of groups, members of which should have session "
++"recording enabled. Matches group names as returned by NSS. I.e. after the "
++"possible space replacement, case changes, etc."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:164
++msgid "Identity provider"
++msgstr "身份提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:165
++msgid "Authentication provider"
++msgstr "身份验证提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:166
++msgid "Access control provider"
++msgstr "访问控制提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:167
++msgid "Password change provider"
++msgstr "密码改变提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:168
++msgid "SUDO provider"
++msgstr "SUDO 提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:169
++msgid "Autofs provider"
++msgstr "Autofs 提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:170
++msgid "Host identity provider"
++msgstr "主机身份提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:171
++msgid "SELinux provider"
++msgstr "SELinux 提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:172
++msgid "Session management provider"
++msgstr "会话管理提供者"
++
++#: src/config/SSSDConfig/sssdoptions.py:173
++msgid "Resolver provider"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:176
++msgid "Whether the domain is usable by the OS or by applications"
++msgstr "域是否可以被 OS 或应用程序使用"
++
++#: src/config/SSSDConfig/sssdoptions.py:177
++msgid "Minimum user ID"
++msgstr "最小用户 ID"
++
++#: src/config/SSSDConfig/sssdoptions.py:178
++msgid "Maximum user ID"
++msgstr "最大用户 ID"
++
++#: src/config/SSSDConfig/sssdoptions.py:179
++msgid "Enable enumerating all users/groups"
++msgstr "启用枚举所有用户/组"
++
++#: src/config/SSSDConfig/sssdoptions.py:180
++msgid "Cache credentials for offline login"
++msgstr "为脱机登录缓存凭据"
++
++#: src/config/SSSDConfig/sssdoptions.py:181
++msgid "Display users/groups in fully-qualified form"
++msgstr "以完全限定的形式显示用户/组"
++
++#: src/config/SSSDConfig/sssdoptions.py:182
++msgid "Don't include group members in group lookups"
++msgstr "在组查询中不包括的组成员"
++
++#: src/config/SSSDConfig/sssdoptions.py:183
++#: src/config/SSSDConfig/sssdoptions.py:193
++#: src/config/SSSDConfig/sssdoptions.py:194
++#: src/config/SSSDConfig/sssdoptions.py:195
++#: src/config/SSSDConfig/sssdoptions.py:196
++#: src/config/SSSDConfig/sssdoptions.py:197
++#: src/config/SSSDConfig/sssdoptions.py:198
++#: src/config/SSSDConfig/sssdoptions.py:199
++msgid "Entry cache timeout length (seconds)"
++msgstr "输入缓存超时时间(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:184
++msgid ""
++"Restrict or prefer a specific address family when performing DNS lookups"
++msgstr "执行 DNS 查找时限制或首选使用特定的地址系列"
++
++#: src/config/SSSDConfig/sssdoptions.py:185
++msgid "How long to keep cached entries after last successful login (days)"
++msgstr "上次成功登录后保留缓存条目的时间(天)"
++
++#: src/config/SSSDConfig/sssdoptions.py:186
++msgid ""
++"How long should SSSD talk to single DNS server before trying next server "
++"(miliseconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:188
++msgid "How long should keep trying to resolve single DNS query (seconds)"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:189
++msgid "How long to wait for replies from DNS when resolving servers (seconds)"
++msgstr "解析服务器时等待 DNS 回复的时间(秒)"
++
++#: src/config/SSSDConfig/sssdoptions.py:190
++msgid "The domain part of service discovery DNS query"
++msgstr "服务发现 DNS 查询的域部分"
++
++#: src/config/SSSDConfig/sssdoptions.py:191
++msgid "Override GID value from the identity provider with this value"
++msgstr "使用此值覆盖来自身份提供者的 GID 值"
++
++#: src/config/SSSDConfig/sssdoptions.py:192
++msgid "Treat usernames as case sensitive"
++msgstr "用户名区分大小写"
++
++#: src/config/SSSDConfig/sssdoptions.py:200
++msgid "How often should expired entries be refreshed in background"
++msgstr "过期条目应在后台刷新的频率"
++
++#: src/config/SSSDConfig/sssdoptions.py:201
++msgid "Whether to automatically update the client's DNS entry"
++msgstr "是否自动更新客户端的 DNS 条目"
++
++#: src/config/SSSDConfig/sssdoptions.py:202
++#: src/config/SSSDConfig/sssdoptions.py:232
++msgid "The TTL to apply to the client's DNS entry after updating it"
++msgstr "更新后应用于客户端 DNS 条目的TTL"
++
++#: src/config/SSSDConfig/sssdoptions.py:203
++#: src/config/SSSDConfig/sssdoptions.py:233
++msgid "The interface whose IP should be used for dynamic DNS updates"
++msgstr "应该用于动态 DNS 更新的接口的 IP 地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:204
++msgid "How often to periodically update the client's DNS entry"
++msgstr "定期更新客户端的 DNS 条目的频率"
++
++#: src/config/SSSDConfig/sssdoptions.py:205
++msgid "Whether the provider should explicitly update the PTR record as well"
++msgstr "提供者是否应该明确更新 PTR 记录"
++
++#: src/config/SSSDConfig/sssdoptions.py:206
++msgid "Whether the nsupdate utility should default to using TCP"
++msgstr "nsupdate 实用程序是否应默认使用 TCP"
++
++#: src/config/SSSDConfig/sssdoptions.py:207
++msgid "What kind of authentication should be used to perform the DNS update"
++msgstr "在执行 DNS 更新时应该使用哪种身份验证"
++
++#: src/config/SSSDConfig/sssdoptions.py:208
++msgid "Override the DNS server used to perform the DNS update"
++msgstr "覆盖用于执行 DNS 更新的 DNS 服务器"
++
++#: src/config/SSSDConfig/sssdoptions.py:209
++msgid "Control enumeration of trusted domains"
++msgstr "信任域的控制枚举"
++
++#: src/config/SSSDConfig/sssdoptions.py:210
++msgid "How often should subdomains list be refreshed"
++msgstr "子域列表应该多久刷新一次"
++
++#: src/config/SSSDConfig/sssdoptions.py:211
++msgid "List of options that should be inherited into a subdomain"
++msgstr "应该被继承到子域中的选项列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:212
++msgid "Default subdomain homedir value"
++msgstr "默认子域 homedir 值"
++
++#: src/config/SSSDConfig/sssdoptions.py:213
++msgid "How long can cached credentials be used for cached authentication"
++msgstr "可以使用缓存凭证用于缓存身份验证的时间"
++
++#: src/config/SSSDConfig/sssdoptions.py:214
++msgid "Whether to automatically create private groups for users"
++msgstr "是否自动为用户创建私人组"
++
++#: src/config/SSSDConfig/sssdoptions.py:215
++msgid "Display a warning N days before the password expires."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:216
++msgid ""
++"Various tags stored by the realmd configuration service for this domain."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:217
++msgid ""
++"The provider which should handle fetching of subdomains. This value should "
++"be always the same as id_provider."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:219
++msgid ""
++"How many seconds to keep a host ssh key after refresh. IE how long to cache "
++"the host key for."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:221
++msgid ""
++"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
++"this value determines the minimal length the first authentication factor "
++"(long term password) must have to be saved as SHA512 hash into the cache."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:227
++msgid "IPA domain"
++msgstr "IPA 域"
++
++#: src/config/SSSDConfig/sssdoptions.py:228
++msgid "IPA server address"
++msgstr "IPA 服务器地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:229
++msgid "Address of backup IPA server"
++msgstr "IPA 备份服务器地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:230
++msgid "IPA client hostname"
++msgstr "IPA 客户端主机名"
++
++#: src/config/SSSDConfig/sssdoptions.py:231
++msgid "Whether to automatically update the client's DNS entry in FreeIPA"
++msgstr "是否在 FreeIPA 中自动更新客户端的 DNS 条目"
++
++#: src/config/SSSDConfig/sssdoptions.py:234
++msgid "Search base for HBAC related objects"
++msgstr "HBAC 相关对象的搜索基础"
++
++#: src/config/SSSDConfig/sssdoptions.py:235
++msgid ""
++"The amount of time between lookups of the HBAC rules against the IPA server"
++msgstr "针对 IPA 服务器查找 HBAC 规则之间的时间间隔"
++
++#: src/config/SSSDConfig/sssdoptions.py:236
++msgid ""
++"The amount of time in seconds between lookups of the SELinux maps against "
++"the IPA server"
++msgstr "针对 IPA 服务器查找 SELinux 映射之间的时间间隔"
++
++#: src/config/SSSDConfig/sssdoptions.py:238
++msgid "If set to false, host argument given by PAM will be ignored"
++msgstr "如果设置为 false,PAM 提供的主机参数将被忽略"
++
++#: src/config/SSSDConfig/sssdoptions.py:239
++msgid "The automounter location this IPA client is using"
++msgstr "此 IPA 客户端使用的自动挂载器的位置"
++
++#: src/config/SSSDConfig/sssdoptions.py:240
++msgid "Search base for object containing info about IPA domain"
++msgstr "搜索包含有关 IPA 域信息的对象的搜索基础"
++
++#: src/config/SSSDConfig/sssdoptions.py:241
++msgid "Search base for objects containing info about ID ranges"
++msgstr "搜索包含有关 ID 范围信息的对象的搜索基础"
++
++#: src/config/SSSDConfig/sssdoptions.py:242
++#: src/config/SSSDConfig/sssdoptions.py:296
++msgid "Enable DNS sites - location based service discovery"
++msgstr "启用 DNS 站点 - 基于位置的服务发现"
++
++#: src/config/SSSDConfig/sssdoptions.py:243
++msgid "Search base for view containers"
++msgstr "查看容器的搜索基础"
++
++#: src/config/SSSDConfig/sssdoptions.py:244
++msgid "Objectclass for view containers"
++msgstr "查看容器的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:245
++msgid "Attribute with the name of the view"
++msgstr "具有视图名称的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:246
++msgid "Objectclass for override objects"
++msgstr "覆盖对象的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:247
++msgid "Attribute with the reference to the original object"
++msgstr "带有到原始对象参考的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:248
++msgid "Objectclass for user override objects"
++msgstr "用户覆盖对象的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:249
++msgid "Objectclass for group override objects"
++msgstr "组覆盖对象的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:250
++msgid "Search base for Desktop Profile related objects"
++msgstr "Desktop Profile 相关对象的搜索基础"
++
++#: src/config/SSSDConfig/sssdoptions.py:251
++msgid ""
++"The amount of time in seconds between lookups of the Desktop Profile rules "
++"against the IPA server"
++msgstr "针对 IPA 服务器查找 Desktop Profile 规则之间的时间间隔"
++
++#: src/config/SSSDConfig/sssdoptions.py:253
++msgid ""
++"The amount of time in minutes between lookups of Desktop Profiles rules "
++"against the IPA server when the last request did not find any rule"
++msgstr "当最后一个请求未找到任何规则时,针对 IPA 服务器的Desktop Profiles 规则查找之间的时间间隔(以分钟为单位)"
++
++#: src/config/SSSDConfig/sssdoptions.py:256
++msgid "The LDAP attribute that contains FQDN of the host."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:257
++#: src/config/SSSDConfig/sssdoptions.py:280
++msgid "The object class of a host entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:258
++msgid "Use the given string as search base for host objects."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:259
++msgid "The LDAP attribute that contains the host's SSH public keys."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:260
++msgid "The LDAP attribute that contains NIS domain name of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:261
++msgid "The LDAP attribute that contains the names of the netgroup's members."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:262
++msgid ""
++"The LDAP attribute that lists FQDNs of hosts and host groups that are "
++"members of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:264
++msgid ""
++"The LDAP attribute that lists hosts and host groups that are direct members "
++"of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:266
++msgid "The LDAP attribute that lists netgroup's memberships."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:267
++msgid ""
++"The LDAP attribute that lists system users and groups that are direct "
++"members of the netgroup."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:269
++msgid "The LDAP attribute that corresponds to the netgroup name."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:270
++msgid "The object class of a netgroup entry in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:271
++msgid ""
++"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:272
++msgid ""
++"The LDAP attribute that contains whether or not is user map enabled for "
++"usage."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:274
++msgid "The LDAP attribute that contains host category such as 'all'."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:275
++msgid ""
++"The LDAP attribute that contains all hosts / hostgroups this rule match "
++"against."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:277
++msgid ""
++"The LDAP attribute that contains all users / groups this rule match against."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:279
++msgid "The LDAP attribute that contains the name of SELinux usermap."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:281
++msgid ""
++"The LDAP attribute that contains DN of HBAC rule which can be used for "
++"matching instead of memberUser and memberHost."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:283
++msgid "The LDAP attribute that contains SELinux user string itself."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:284
++msgid "The LDAP attribute that contains user category such as 'all'."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:285
++msgid "The LDAP attribute that contains unique ID of the user map."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:286
++msgid ""
++"The option denotes that the SSSD is running on IPA server and should perform "
++"lookups of users and groups from trusted domains differently."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:288
++msgid "Use the given string as search base for trusted domains."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:291
++msgid "Active Directory domain"
++msgstr "活动目录域"
++
++#: src/config/SSSDConfig/sssdoptions.py:292
++msgid "Enabled Active Directory domains"
++msgstr "启用活动目录域"
++
++#: src/config/SSSDConfig/sssdoptions.py:293
++msgid "Active Directory server address"
++msgstr "没动目录服务器地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:294
++msgid "Active Directory backup server address"
++msgstr "没动目录备份服务器地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:295
++msgid "Active Directory client hostname"
++msgstr "活动目录客户端主机名"
++
++#: src/config/SSSDConfig/sssdoptions.py:297
++#: src/config/SSSDConfig/sssdoptions.py:488
++msgid "LDAP filter to determine access privileges"
++msgstr "用于决定访问权限 的 LDAP 过滤器"
++
++#: src/config/SSSDConfig/sssdoptions.py:298
++msgid "Whether to use the Global Catalog for lookups"
++msgstr "是否使用 Global Catalog 进行查找"
++
++#: src/config/SSSDConfig/sssdoptions.py:299
++msgid "Operation mode for GPO-based access control"
++msgstr "基于 GPO 的访问控制的操作模式"
++
++#: src/config/SSSDConfig/sssdoptions.py:300
++msgid ""
++"The amount of time between lookups of the GPO policy files against the AD "
++"server"
++msgstr "针对 IPA 服务器查找 GPO 策略文件之间的时间间隔"
++
++#: src/config/SSSDConfig/sssdoptions.py:301
++msgid ""
++"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
++"settings"
++msgstr "映射到 GPO (Deny)InteractiveLogonRight 策略设置的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:303
++msgid ""
++"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
++"policy settings"
++msgstr "映射到 GPO (Deny)RemoteInteractiveLogonRight 策略设置的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:305
++msgid ""
++"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
++"settings"
++msgstr "映射到 GPO (Deny)NetworkLogonRight 策略设置的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:306
++msgid ""
++"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
++msgstr "映射到 GPO (Deny)BatchLogonRight 策略设置的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:307
++msgid ""
++"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
++"settings"
++msgstr "映射到 GPO (Deny)ServiceLogonRight 策略设置的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:308
++msgid "PAM service names for which GPO-based access is always granted"
++msgstr "基于 GPO 的访问始终会被授予的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:309
++msgid "PAM service names for which GPO-based access is always denied"
++msgstr "基于 GPO 的访问始终会被拒绝的 PAM 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:310
++msgid ""
++"Default logon right (or permit/deny) to use for unmapped PAM service names"
++msgstr "用于未映射的 PAM 服务名称的默认登录权(或允许/拒绝)"
++
++#: src/config/SSSDConfig/sssdoptions.py:311
++msgid "a particular site to be used by the client"
++msgstr "客户要使用的特定站点"
++
++#: src/config/SSSDConfig/sssdoptions.py:312
++msgid ""
++"Maximum age in days before the machine account password should be renewed"
++msgstr "机器帐户密码需要续订的最长期限(天)"
++
++#: src/config/SSSDConfig/sssdoptions.py:314
++msgid "Option for tuning the machine account renewal task"
++msgstr "用于调整机器帐户续订任务的选项"
++
++#: src/config/SSSDConfig/sssdoptions.py:315
++msgid "Whether to update the machine account password in the Samba database"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:317
++msgid "Use LDAPS port for LDAP and Global Catalog requests"
++msgstr "将 LDAPS 端口用于 LDAP 和 Global Catalog 请求"
++
++#: src/config/SSSDConfig/sssdoptions.py:320
++#: src/config/SSSDConfig/sssdoptions.py:321
++msgid "Kerberos server address"
++msgstr "Kerberos 服务器地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:322
++msgid "Kerberos backup server address"
++msgstr "Kerberos 备份服务器地址"
++
++#: src/config/SSSDConfig/sssdoptions.py:323
++msgid "Kerberos realm"
++msgstr "Kerberos realm"
++
++#: src/config/SSSDConfig/sssdoptions.py:324
++msgid "Authentication timeout"
++msgstr "验证超时"
++
++#: src/config/SSSDConfig/sssdoptions.py:325
++msgid "Whether to create kdcinfo files"
++msgstr "是否创建 kdcinfo 文件"
++
++#: src/config/SSSDConfig/sssdoptions.py:326
++msgid "Where to drop krb5 config snippets"
++msgstr "在哪里放置 krb5 配置片段"
++
++#: src/config/SSSDConfig/sssdoptions.py:329
++msgid "Directory to store credential caches"
++msgstr "存储凭证缓存的目录"
++
++#: src/config/SSSDConfig/sssdoptions.py:330
++msgid "Location of the user's credential cache"
++msgstr "用户凭证缓存的位置"
++
++#: src/config/SSSDConfig/sssdoptions.py:331
++msgid "Location of the keytab to validate credentials"
++msgstr "用于验证凭据的密钥表的位置"
++
++#: src/config/SSSDConfig/sssdoptions.py:332
++msgid "Enable credential validation"
++msgstr "启用凭证验证"
++
++#: src/config/SSSDConfig/sssdoptions.py:333
++msgid "Store password if offline for later online authentication"
++msgstr "离线时存储密码,以便以后进行在线身份验证"
++
++#: src/config/SSSDConfig/sssdoptions.py:334
++msgid "Renewable lifetime of the TGT"
++msgstr "TGT 的可更新寿命"
++
++#: src/config/SSSDConfig/sssdoptions.py:335
++msgid "Lifetime of the TGT"
++msgstr "TGT 的寿命"
++
++#: src/config/SSSDConfig/sssdoptions.py:336
++msgid "Time between two checks for renewal"
++msgstr "两次更新检查之间的间隔时间"
++
++#: src/config/SSSDConfig/sssdoptions.py:337
++msgid "Enables FAST"
++msgstr "启用 FAST"
++
++#: src/config/SSSDConfig/sssdoptions.py:338
++msgid "Selects the principal to use for FAST"
++msgstr "选择用于 FAST 的主体"
++
++#: src/config/SSSDConfig/sssdoptions.py:339
++msgid "Enables principal canonicalization"
++msgstr "启用主体规范化"
++
++#: src/config/SSSDConfig/sssdoptions.py:340
++msgid "Enables enterprise principals"
++msgstr "启用企业主体"
++
++#: src/config/SSSDConfig/sssdoptions.py:341
++msgid "A mapping from user names to Kerberos principal names"
++msgstr "从用户名到 Kerberos 主体名称的映射"
++
++#: src/config/SSSDConfig/sssdoptions.py:344
++#: src/config/SSSDConfig/sssdoptions.py:345
++msgid "Server where the change password service is running if not on the KDC"
++msgstr "如果不在 KDC 上,运行更改密码服务的服务器"
++
++#: src/config/SSSDConfig/sssdoptions.py:348
++msgid "ldap_uri, The URI of the LDAP server"
++msgstr "ldap_uri,LDAP 服务器的 URI"
++
++#: src/config/SSSDConfig/sssdoptions.py:349
++msgid "ldap_backup_uri, The URI of the LDAP server"
++msgstr "ldap_backup_uri,LDAP 服务器的 URI"
++
++#: src/config/SSSDConfig/sssdoptions.py:350
++msgid "The default base DN"
++msgstr "默认基本 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:351
++msgid "The Schema Type in use on the LDAP server, rfc2307"
++msgstr "LDAP 服务器上使用的 Schema Type,rfc2307"
++
++#: src/config/SSSDConfig/sssdoptions.py:352
++msgid "Mode used to change user password"
++msgstr "用来修改用户密码的模式"
++
++#: src/config/SSSDConfig/sssdoptions.py:353
++msgid "The default bind DN"
++msgstr "默认绑定 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:354
++msgid "The type of the authentication token of the default bind DN"
++msgstr "默认绑定 DN 的身份验证令牌的类型"
++
++#: src/config/SSSDConfig/sssdoptions.py:355
++msgid "The authentication token of the default bind DN"
++msgstr "默认绑定 DN 的身份验证令牌"
++
++#: src/config/SSSDConfig/sssdoptions.py:356
++msgid "Length of time to attempt connection"
++msgstr "尝试连接的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:357
++msgid "Length of time to attempt synchronous LDAP operations"
++msgstr "尝试同步 LDAP 操作的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:358
++msgid "Length of time between attempts to reconnect while offline"
++msgstr "离线时尝试重新连接的时间间隔"
++
++#: src/config/SSSDConfig/sssdoptions.py:359
++msgid "Use only the upper case for realm names"
++msgstr "realm 名称仅使用大写字母"
++
++#: src/config/SSSDConfig/sssdoptions.py:360
++msgid "File that contains CA certificates"
++msgstr "包含 CA 证书的文件"
++
++#: src/config/SSSDConfig/sssdoptions.py:361
++msgid "Path to CA certificate directory"
++msgstr "CA 证书目录的路径"
++
++#: src/config/SSSDConfig/sssdoptions.py:362
++msgid "File that contains the client certificate"
++msgstr "包含客户端 CA 证书的文件"
++
++#: src/config/SSSDConfig/sssdoptions.py:363
++msgid "File that contains the client key"
++msgstr "包含客户端密钥的文件"
++
++#: src/config/SSSDConfig/sssdoptions.py:364
++msgid "List of possible ciphers suites"
++msgstr "可能的加密套件列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:365
++msgid "Require TLS certificate verification"
++msgstr "调整 TLS 证书验证"
++
++#: src/config/SSSDConfig/sssdoptions.py:366
++msgid "Specify the sasl mechanism to use"
++msgstr "指定要使用的 sasl 机制"
++
++#: src/config/SSSDConfig/sssdoptions.py:367
++msgid "Specify the sasl authorization id to use"
++msgstr "指定要使用的 sasl 授权 ID"
++
++#: src/config/SSSDConfig/sssdoptions.py:368
++msgid "Specify the sasl authorization realm to use"
++msgstr "指定要使用的 sasl 授权 realm"
++
++#: src/config/SSSDConfig/sssdoptions.py:369
++msgid "Specify the minimal SSF for LDAP sasl authorization"
++msgstr "为 LDAP sasl 授权指定最小的 SSF"
++
++#: src/config/SSSDConfig/sssdoptions.py:370
++msgid "Specify the maximal SSF for LDAP sasl authorization"
++msgstr "为 LDAP sasl 授权指定最大的 SSF"
++
++#: src/config/SSSDConfig/sssdoptions.py:371
++msgid "Kerberos service keytab"
++msgstr "Kerberos服务密钥表"
++
++#: src/config/SSSDConfig/sssdoptions.py:372
++msgid "Use Kerberos auth for LDAP connection"
++msgstr "使用 Kerberos 身份验证进行 LDAP 连接"
++
++#: src/config/SSSDConfig/sssdoptions.py:373
++msgid "Follow LDAP referrals"
++msgstr "遵循 LDAP 引用"
++
++#: src/config/SSSDConfig/sssdoptions.py:374
++msgid "Lifetime of TGT for LDAP connection"
++msgstr "TGT 的 LDAP 连接生命周期"
++
++#: src/config/SSSDConfig/sssdoptions.py:375
++msgid "How to dereference aliases"
++msgstr "如何取消引用别名"
++
++#: src/config/SSSDConfig/sssdoptions.py:376
++msgid "Service name for DNS service lookups"
++msgstr "DNS 服务查找的服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:377
++msgid "The number of records to retrieve in a single LDAP query"
++msgstr "单个 LDAP 查询中要检索的记录数"
++
++#: src/config/SSSDConfig/sssdoptions.py:378
++msgid "The number of members that must be missing to trigger a full deref"
++msgstr "触发完全取消引用请最少需要缺少的成员数"
++
++#: src/config/SSSDConfig/sssdoptions.py:379
++msgid ""
++"Whether the LDAP library should perform a reverse lookup to canonicalize the "
++"host name during a SASL bind"
++msgstr "在 SASL绑定期间,LDAP 库是否应执行反向查找以规范化主机名"
++
++#: src/config/SSSDConfig/sssdoptions.py:381
++msgid ""
++"Allows to retain local users as members of an LDAP group for servers that "
++"use the RFC2307 schema."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:384
++msgid "entryUSN attribute"
++msgstr "entryUSN 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:385
++msgid "lastUSN attribute"
++msgstr "lastUSN 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:387
++msgid ""
++"How long to retain a connection to the LDAP server before disconnecting"
++msgstr "断开连接前与 LDAP 服务器保持连接的时间"
++
++#: src/config/SSSDConfig/sssdoptions.py:390
++msgid "Disable the LDAP paging control"
++msgstr "禁用 LDAP 分页控制"
++
++#: src/config/SSSDConfig/sssdoptions.py:391
++msgid "Disable Active Directory range retrieval"
++msgstr "禁用 Active Directory 范围检索"
++
++#: src/config/SSSDConfig/sssdoptions.py:394
++msgid "Length of time to wait for a search request"
++msgstr "等待搜索请求的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:395
++msgid "Length of time to wait for a enumeration request"
++msgstr "等待枚举请求的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:396
++msgid "Length of time between enumeration updates"
++msgstr "枚举更新之间的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:397
++msgid "Length of time between cache cleanups"
++msgstr "两次缓存清除之间的时间长度"
++
++#: src/config/SSSDConfig/sssdoptions.py:398
++msgid "Require TLS for ID lookups"
++msgstr "需要 TLS 进行 ID 查找"
++
++#: src/config/SSSDConfig/sssdoptions.py:399
++msgid "Use ID-mapping of objectSID instead of pre-set IDs"
++msgstr "使用 objectSID 的 ID 映射而不是预设的 ID"
++
++#: src/config/SSSDConfig/sssdoptions.py:400
++msgid "Base DN for user lookups"
++msgstr "用户查找的基本 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:401
++msgid "Scope of user lookups"
++msgstr "用户查找范围"
++
++#: src/config/SSSDConfig/sssdoptions.py:402
++msgid "Filter for user lookups"
++msgstr "用户查找过滤"
++
++#: src/config/SSSDConfig/sssdoptions.py:403
++msgid "Objectclass for users"
++msgstr "用户的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:404
++msgid "Username attribute"
++msgstr "用户名属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:405
++msgid "UID attribute"
++msgstr "UID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:406
++msgid "Primary GID attribute"
++msgstr "主 GID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:407
++msgid "GECOS attribute"
++msgstr "GECOS 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:408
++msgid "Home directory attribute"
++msgstr "家目录属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:409
++msgid "Shell attribute"
++msgstr "Shell 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:410
++msgid "UUID attribute"
++msgstr "UUID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:411
++#: src/config/SSSDConfig/sssdoptions.py:449
++msgid "objectSID attribute"
++msgstr "objectSID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:412
++msgid "Active Directory primary group attribute for ID-mapping"
++msgstr "用于 ID 映射的活动目录的主组属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:413
++msgid "User principal attribute (for Kerberos)"
++msgstr "用户主体属性(用于 Kerberos)"
++
++#: src/config/SSSDConfig/sssdoptions.py:414
++msgid "Full Name"
++msgstr "全称"
++
++#: src/config/SSSDConfig/sssdoptions.py:415
++msgid "memberOf attribute"
++msgstr "memberOf 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:416
++msgid "Modification time attribute"
++msgstr "修改时间属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:417
++msgid "shadowLastChange attribute"
++msgstr "shadowLastChange 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:418
++msgid "shadowMin attribute"
++msgstr "shadowMin 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:419
++msgid "shadowMax attribute"
++msgstr "shadowMax 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:420
++msgid "shadowWarning attribute"
++msgstr "shadowWarning 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:421
++msgid "shadowInactive attribute"
++msgstr "shadowInactive 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:422
++msgid "shadowExpire attribute"
++msgstr "shadowExpire 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:423
++msgid "shadowFlag attribute"
++msgstr "shadowFlag 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:424
++msgid "Attribute listing authorized PAM services"
++msgstr "列出授权的 PAM 服务的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:425
++msgid "Attribute listing authorized server hosts"
++msgstr "列出授权的服务器主机的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:426
++msgid "Attribute listing authorized server rhosts"
++msgstr "列出授权的服务器 rhost 的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:427
++msgid "krbLastPwdChange attribute"
++msgstr "krbLastPwdChange 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:428
++msgid "krbPasswordExpiration attribute"
++msgstr "krbPasswordExpiration 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:429
++msgid "Attribute indicating that server side password policies are active"
++msgstr "用来指示服务器端密码策略处于活动状态的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:430
++msgid "accountExpires attribute of AD"
++msgstr "AD 的 accountExpires 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:431
++msgid "userAccountControl attribute of AD"
++msgstr "AD 的 userAccountControl 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:432
++msgid "nsAccountLock attribute"
++msgstr "nsAccountLock 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:433
++msgid "loginDisabled attribute of NDS"
++msgstr "NDS 的 loginDisabled 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:434
++msgid "loginExpirationTime attribute of NDS"
++msgstr "NDS 的 loginExpirationTime 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:435
++msgid "loginAllowedTimeMap attribute of NDS"
++msgstr "NDS 的 loginAllowedTimeMap 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:436
++msgid "SSH public key attribute"
++msgstr "SSH 公钥属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:437
++msgid "attribute listing allowed authentication types for a user"
++msgstr "列出用户允许的身份验证类型的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:438
++msgid "attribute containing the X509 certificate of the user"
++msgstr "包含用户的 X509 证书的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:439
++msgid "attribute containing the email address of the user"
++msgstr "包含用户电子邮件地址的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:440
++msgid "A list of extra attributes to download along with the user entry"
++msgstr "要与用户条目一起下载的其他属性的列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:442
++msgid "Base DN for group lookups"
++msgstr "组查找的基本 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:443
++msgid "Objectclass for groups"
++msgstr "组的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:444
++msgid "Group name"
++msgstr "组名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:445
++msgid "Group password"
++msgstr "组密码"
++
++#: src/config/SSSDConfig/sssdoptions.py:446
++msgid "GID attribute"
++msgstr "GID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:447
++msgid "Group member attribute"
++msgstr "组成员属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:448
++msgid "Group UUID attribute"
++msgstr "组 UUID 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:450
++msgid "Modification time attribute for groups"
++msgstr "组的修改时间属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:451
++msgid "Type of the group and other flags"
++msgstr "组的类型和其他标志"
++
++#: src/config/SSSDConfig/sssdoptions.py:452
++msgid "The LDAP group external member attribute"
++msgstr "LDAP 组外部成员属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:453
++msgid "Maximum nesting level SSSD will follow"
++msgstr "将遵循的最大嵌套级别 SSSD"
++
++#: src/config/SSSDConfig/sssdoptions.py:454
++msgid "Filter for group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:455
++msgid "Scope of group lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:457
++msgid "Base DN for netgroup lookups"
++msgstr "netgroup 查找的基本 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:458
++msgid "Objectclass for netgroups"
++msgstr "netgroup 的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:459
++msgid "Netgroup name"
++msgstr "Netgroup 名"
++
++#: src/config/SSSDConfig/sssdoptions.py:460
++msgid "Netgroups members attribute"
++msgstr "Netgroups 成员属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:461
++msgid "Netgroup triple attribute"
++msgstr "Netgroup triple 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:462
++msgid "Modification time attribute for netgroups"
++msgstr "netgroup 的修改时间属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:464
++msgid "Base DN for service lookups"
++msgstr "服务查找的基本 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:465
++msgid "Objectclass for services"
++msgstr "服务的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:466
++msgid "Service name attribute"
++msgstr "服务名属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:467
++msgid "Service port attribute"
++msgstr "服务端口属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:468
++msgid "Service protocol attribute"
++msgstr "服务协议属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:470
++msgid "Lower bound for ID-mapping"
++msgstr "ID 映射的下限"
++
++#: src/config/SSSDConfig/sssdoptions.py:471
++msgid "Upper bound for ID-mapping"
++msgstr "ID 映射的上限"
++
++#: src/config/SSSDConfig/sssdoptions.py:472
++msgid "Number of IDs for each slice when ID-mapping"
++msgstr "ID 映射时每个片的 ID 数"
++
++#: src/config/SSSDConfig/sssdoptions.py:473
++msgid "Use autorid-compatible algorithm for ID-mapping"
++msgstr "使用与 autorid 兼容的算法进行 ID 映射"
++
++#: src/config/SSSDConfig/sssdoptions.py:474
++msgid "Name of the default domain for ID-mapping"
++msgstr "用于 ID 映射的默认域的名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:475
++msgid "SID of the default domain for ID-mapping"
++msgstr "用于 ID 映射的默认域的 SID"
++
++#: src/config/SSSDConfig/sssdoptions.py:476
++msgid "Number of secondary slices"
++msgstr "次要切片数"
++
++#: src/config/SSSDConfig/sssdoptions.py:478
++msgid "Whether to use Token-Groups"
++msgstr "是否使用令牌组"
++
++#: src/config/SSSDConfig/sssdoptions.py:479
++msgid "Set lower boundary for allowed IDs from the LDAP server"
++msgstr "设置 LDAP 服务器允许的 ID 的下边界"
++
++#: src/config/SSSDConfig/sssdoptions.py:480
++msgid "Set upper boundary for allowed IDs from the LDAP server"
++msgstr "设置 LDAP 服务器允许的 ID 的上边界"
++
++#: src/config/SSSDConfig/sssdoptions.py:481
++msgid "DN for ppolicy queries"
++msgstr "ppolicy 查询的 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:482
++msgid "How many maximum entries to fetch during a wildcard request"
++msgstr "在通配符请求期间要提取多少个最大条目"
++
++#: src/config/SSSDConfig/sssdoptions.py:485
++msgid "Policy to evaluate the password expiration"
++msgstr "评估密码有效期的策略"
++
++#: src/config/SSSDConfig/sssdoptions.py:489
++msgid "Which attributes shall be used to evaluate if an account is expired"
++msgstr "应使用哪些属性来评估帐户是否过期"
++
++#: src/config/SSSDConfig/sssdoptions.py:490
++msgid "Which rules should be used to evaluate access control"
++msgstr "应该使用哪些规则来评估访问控制"
++
++#: src/config/SSSDConfig/sssdoptions.py:493
++msgid "URI of an LDAP server where password changes are allowed"
++msgstr "允许更改密码的 LDAP 服务器的 URI"
++
++#: src/config/SSSDConfig/sssdoptions.py:494
++msgid "URI of a backup LDAP server where password changes are allowed"
++msgstr "允许更改密码的备份 LDAP 服务器的 URI"
++
++#: src/config/SSSDConfig/sssdoptions.py:495
++msgid "DNS service name for LDAP password change server"
++msgstr "LDAP 密码更改服务器的 DNS 服务名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:496
++msgid ""
++"Whether to update the ldap_user_shadow_last_change attribute after a "
++"password change"
++msgstr "更改密码后是否更新 ldap_user_shadow_last_change 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:500
++msgid "Base DN for sudo rules lookups"
++msgstr "sudo 规则查找的基本DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:501
++msgid "Automatic full refresh period"
++msgstr "自动完整刷新周期"
++
++#: src/config/SSSDConfig/sssdoptions.py:502
++msgid "Automatic smart refresh period"
++msgstr "自动智能刷新周期"
++
++#: src/config/SSSDConfig/sssdoptions.py:503
++msgid "Whether to filter rules by hostname, IP addresses and network"
++msgstr "是否按主机名,IP地址和网络过滤规则"
++
++#: src/config/SSSDConfig/sssdoptions.py:504
++msgid ""
++"Hostnames and/or fully qualified domain names of this machine to filter sudo "
++"rules"
++msgstr "本机的主机名和/或限定域名,用于过滤 sudo 规则"
++
++#: src/config/SSSDConfig/sssdoptions.py:505
++msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
++msgstr "IPv4 或 IPv6 地址或本机器的网络,用于过滤 sudo 规则"
++
++#: src/config/SSSDConfig/sssdoptions.py:506
++msgid "Whether to include rules that contains netgroup in host attribute"
++msgstr "是否在主机属性中包含带有 netgroup 的规则"
++
++#: src/config/SSSDConfig/sssdoptions.py:507
++msgid ""
++"Whether to include rules that contains regular expression in host attribute"
++msgstr "是否在主机属性中包含带有正则表达式的规则"
++
++#: src/config/SSSDConfig/sssdoptions.py:508
++msgid "Object class for sudo rules"
++msgstr "sudo 规则的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:509
++msgid "Name of attribute that is used as object class for sudo rules"
++msgstr "用作 sudo 规则的对象类的属性名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:510
++msgid "Sudo rule name"
++msgstr "sudo 规则名"
++
++#: src/config/SSSDConfig/sssdoptions.py:511
++msgid "Sudo rule command attribute"
++msgstr "sudo 规则命令属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:512
++msgid "Sudo rule host attribute"
++msgstr "sudo 规则主机属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:513
++msgid "Sudo rule user attribute"
++msgstr "sudo 规则用户属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:514
++msgid "Sudo rule option attribute"
++msgstr "sudo 规则选项属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:515
++msgid "Sudo rule runas attribute"
++msgstr "sudo 规则 runas 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:516
++msgid "Sudo rule runasuser attribute"
++msgstr "sudo 规则 runasuser 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:517
++msgid "Sudo rule runasgroup attribute"
++msgstr "sudo 规则 runasgroup 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:518
++msgid "Sudo rule notbefore attribute"
++msgstr "sudo 规则 notbefore 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:519
++msgid "Sudo rule notafter attribute"
++msgstr "sudo 规则 notafter 属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:520
++msgid "Sudo rule order attribute"
++msgstr "sudo 规则顺序属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:523
++msgid "Object class for automounter maps"
++msgstr "自动挂载器映射的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:524
++msgid "Automounter map name attribute"
++msgstr "自动挂载器映射名称属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:525
++msgid "Object class for automounter map entries"
++msgstr "自动挂载器映射条目的对象类"
++
++#: src/config/SSSDConfig/sssdoptions.py:526
++msgid "Automounter map entry key attribute"
++msgstr "自动挂载器映射条目键的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:527
++msgid "Automounter map entry value attribute"
++msgstr "自动挂载器映射条目值的属性"
++
++#: src/config/SSSDConfig/sssdoptions.py:528
++msgid "Base DN for automounter map lookups"
++msgstr "自动挂载程序映射查找的基本 DN"
++
++#: src/config/SSSDConfig/sssdoptions.py:529
++msgid "The name of the automount master map in LDAP."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:532
++msgid "Base DN for IP hosts lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:533
++msgid "Object class for IP hosts"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:534
++msgid "IP host name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:535
++msgid "IP host number (address) attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:536
++msgid "IP host entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:537
++msgid "Base DN for IP networks lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:538
++msgid "Object class for IP networks"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:539
++msgid "IP network name attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:540
++msgid "IP network number (address) attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:541
++msgid "IP network entryUSN attribute"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:544
++msgid "Comma separated list of allowed users"
++msgstr "以逗号分隔的允许的用户列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:545
++msgid "Comma separated list of prohibited users"
++msgstr "以逗号分隔的不允许的用户列表"
++
++#: src/config/SSSDConfig/sssdoptions.py:546
++msgid ""
++"Comma separated list of groups that are allowed to log in. This applies only "
++"to groups within this SSSD domain. Local groups are not evaluated."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:548
++msgid ""
++"Comma separated list of groups that are explicitly denied access. This "
++"applies only to groups within this SSSD domain. Local groups are not "
++"evaluated."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:552
++msgid "Base for home directories"
++msgstr "家目录的基础"
++
++#: src/config/SSSDConfig/sssdoptions.py:553
++msgid "Indicate if a home directory should be created for new users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:554
++msgid "Indicate if a home directory should be removed for deleted users."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:555
++msgid "Specify the default permissions on a newly created home directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:556
++msgid "The skeleton directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:557
++msgid "The mail spool directory."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:558
++msgid "The command that is run after a user is removed."
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:561
++msgid "The number of preforked proxy children."
++msgstr "预分支代理子代的数量。"
++
++#: src/config/SSSDConfig/sssdoptions.py:564
++msgid "The name of the NSS library to use"
++msgstr "使用的 NSS 库的名称"
++
++#: src/config/SSSDConfig/sssdoptions.py:565
++msgid "The name of the NSS library to use for hosts and networks lookups"
++msgstr ""
++
++#: src/config/SSSDConfig/sssdoptions.py:566
++msgid "Whether to look up canonical group name from cache if possible"
++msgstr "如果可能,是否从缓存中查找规范的组名"
++
++#: src/config/SSSDConfig/sssdoptions.py:569
++msgid "PAM stack to use"
++msgstr "使用的 PAM 堆栈"
++
++#: src/config/SSSDConfig/sssdoptions.py:572
++msgid "Path of passwd file sources."
++msgstr "passwd 文件源的路径。"
++
++#: src/config/SSSDConfig/sssdoptions.py:573
++msgid "Path of group file sources."
++msgstr "group 文件源的路径。"
++
+ #: src/monitor/monitor.c:2371
+ msgid "Become a daemon (default)"
+-msgstr ""
++msgstr "成为守护进程(默认)"
+
+ #: src/monitor/monitor.c:2373
+ msgid "Run interactive (not a daemon)"
+-msgstr ""
++msgstr "交互式运行(不是守护程序)"
+
+ #: src/monitor/monitor.c:2376
+ msgid "Disable netlink interface"
+-msgstr ""
++msgstr "禁用 netlink 接口"
+
+-#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
++#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
++#: src/tools/sssctl/sssctl_logs.c:310
+ msgid "Specify a non-default config file"
+-msgstr ""
++msgstr "指定一个非默认的配置文件"
+
+ #: src/monitor/monitor.c:2380
+ msgid "Refresh the configuration database, then exit"
+-msgstr ""
++msgstr "刷新配置数据库,然后退出"
+
+ #: src/monitor/monitor.c:2383
+ msgid "Similar to --genconf, but only refreshes the given section"
+@@ -46,87 +1850,87 @@ msgstr ""
+
+ #: src/monitor/monitor.c:2386
+ msgid "Print version number and exit"
+-msgstr ""
++msgstr "显示版本号并退出"
+
+ #: src/monitor/monitor.c:2532
+ msgid "SSSD is already running\n"
+-msgstr ""
++msgstr "SSSD 已运行\n"
+
+ #: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
+ msgid "Debug level"
+-msgstr ""
++msgstr "调试级别"
+
+ #: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
+ msgid "Add debug timestamps"
+-msgstr ""
++msgstr "添加调试时间戳"
+
+ #: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
+ msgid "Show timestamps with microseconds"
+-msgstr ""
++msgstr "显示时间戳(以微秒为单位)"
+
+ #: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
+ msgid "An open file descriptor for the debug logs"
+-msgstr ""
++msgstr "调试日志的打开文件描述符"
+
+ #: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
+ msgid "Send the debug output to stderr directly."
+-msgstr ""
++msgstr "将调试直接输出到 stderr。"
+
+ #: src/providers/krb5/krb5_child.c:3245
+ msgid "The user to create FAST ccache as"
+-msgstr ""
++msgstr "用户创建 FAST 缓存为"
+
+ #: src/providers/krb5/krb5_child.c:3247
+ msgid "The group to create FAST ccache as"
+-msgstr ""
++msgstr "组创建 FAST 缓存为"
+
+ #: src/providers/krb5/krb5_child.c:3249
+ msgid "Kerberos realm to use"
+-msgstr ""
++msgstr "使用的 kerberos realm"
+
+ #: src/providers/krb5/krb5_child.c:3251
+ msgid "Requested lifetime of the ticket"
+-msgstr ""
++msgstr "要求的票证寿命"
+
+ #: src/providers/krb5/krb5_child.c:3253
+ msgid "Requested renewable lifetime of the ticket"
+-msgstr ""
++msgstr "要求的可续约票证寿命"
+
+ #: src/providers/krb5/krb5_child.c:3255
+ msgid "FAST options ('never', 'try', 'demand')"
+-msgstr ""
++msgstr "FAST 选项('never'、'try'、'demand')"
+
+ #: src/providers/krb5/krb5_child.c:3258
+ msgid "Specifies the server principal to use for FAST"
+-msgstr ""
++msgstr "指定用于 FAST 的服务器主体"
+
+ #: src/providers/krb5/krb5_child.c:3260
+ msgid "Requests canonicalization of the principal name"
+-msgstr ""
++msgstr "要求规范化主体名称"
+
+ #: src/providers/krb5/krb5_child.c:3262
+ msgid "Use custom version of krb5_get_init_creds_password"
+-msgstr ""
++msgstr "使用自定义版本的 krb5_get_init_creds_password"
+
+ #: src/providers/data_provider_be.c:674
+ msgid "Domain of the information provider (mandatory)"
+-msgstr ""
++msgstr "信息提供者的域(强制)"
+
+ #: src/sss_client/common.c:1079
+ msgid "Privileged socket has wrong ownership or permissions."
+-msgstr ""
++msgstr "特权套接字有错误的所有权或权限。"
+
+ #: src/sss_client/common.c:1082
+ msgid "Public socket has wrong ownership or permissions."
+-msgstr ""
++msgstr "公共套接字有错误的所有权或权限。"
+
+ #: src/sss_client/common.c:1085
+ msgid "Unexpected format of the server credential message."
+-msgstr ""
++msgstr "服务器凭证消息的格式异常。"
+
+ #: src/sss_client/common.c:1088
+ msgid "SSSD is not run by root."
+-msgstr ""
++msgstr "SSSD 没有由 root 运行。"
+
+ #: src/sss_client/common.c:1091
+ msgid "SSSD socket does not exist."
+@@ -138,100 +1942,100 @@ msgstr ""
+
+ #: src/sss_client/common.c:1099
+ msgid "An error occurred, but no description can be found."
+-msgstr ""
++msgstr "发生错误,但找不到描述信息。"
+
+ #: src/sss_client/common.c:1105
+ msgid "Unexpected error while looking for an error description"
+-msgstr ""
++msgstr "查找错误说明时出现意外错误"
+
+ #: src/sss_client/pam_sss.c:68
+ msgid "Permission denied. "
+-msgstr ""
++msgstr "权限被拒绝。"
+
+-#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
+-#: src/sss_client/pam_sss.c:790
++#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
++#: src/sss_client/pam_sss.c:792
+ msgid "Server message: "
+-msgstr ""
++msgstr "服务器消息: "
+
+-#: src/sss_client/pam_sss.c:297
++#: src/sss_client/pam_sss.c:299
+ msgid "Passwords do not match"
+-msgstr ""
++msgstr "密码不匹配"
+
+-#: src/sss_client/pam_sss.c:485
++#: src/sss_client/pam_sss.c:487
+ msgid "Password reset by root is not supported."
+-msgstr ""
++msgstr "不支持通过 root 重置密码。"
+
+-#: src/sss_client/pam_sss.c:526
++#: src/sss_client/pam_sss.c:528
+ msgid "Authenticated with cached credentials"
+-msgstr ""
++msgstr "通过缓存的凭据进行身份验证"
+
+-#: src/sss_client/pam_sss.c:527
++#: src/sss_client/pam_sss.c:529
+ msgid ", your cached password will expire at: "
+-msgstr ""
++msgstr ",您缓存的密码将过期于: "
+
+-#: src/sss_client/pam_sss.c:557
++#: src/sss_client/pam_sss.c:559
+ #, c-format
+ msgid "Your password has expired. You have %1$d grace login(s) remaining."
+-msgstr ""
++msgstr "您的密码已过期。您有 %1$d 剩余宽限登陆。"
+
+-#: src/sss_client/pam_sss.c:603
++#: src/sss_client/pam_sss.c:605
+ #, c-format
+ msgid "Your password will expire in %1$d %2$s."
+-msgstr ""
++msgstr "您的密码将于 %1$d %2$s 过期。"
+
+-#: src/sss_client/pam_sss.c:652
++#: src/sss_client/pam_sss.c:654
+ msgid "Authentication is denied until: "
+-msgstr ""
++msgstr "身份验证被拒绝,直到: "
+
+-#: src/sss_client/pam_sss.c:673
++#: src/sss_client/pam_sss.c:675
+ msgid "System is offline, password change not possible"
+-msgstr ""
++msgstr "系统离线,无法更改密码"
+
+-#: src/sss_client/pam_sss.c:688
++#: src/sss_client/pam_sss.c:690
+ msgid ""
+ "After changing the OTP password, you need to log out and back in order to "
+ "acquire a ticket"
+-msgstr ""
++msgstr "更改 OTP 密码后,您需要注销并重新登录以获得票证"
+
+-#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
++#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
+ msgid "Password change failed. "
+-msgstr ""
++msgstr "更改密码失败。"
+
+-#: src/sss_client/pam_sss.c:2008
++#: src/sss_client/pam_sss.c:2015
+ msgid "New Password: "
+-msgstr ""
++msgstr "新密码:"
+
+-#: src/sss_client/pam_sss.c:2009
++#: src/sss_client/pam_sss.c:2016
+ msgid "Reenter new Password: "
+-msgstr ""
++msgstr "重新输入新密码:"
+
+-#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
++#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
+ msgid "First Factor: "
+-msgstr ""
++msgstr "第一因素: "
+
+-#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
++#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
+ msgid "Second Factor (optional): "
+-msgstr ""
++msgstr "第二因素(可选): "
+
+-#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
++#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
+ msgid "Second Factor: "
+-msgstr ""
++msgstr "第二因素: "
+
+-#: src/sss_client/pam_sss.c:2190
++#: src/sss_client/pam_sss.c:2200
+ msgid "Password: "
+-msgstr ""
++msgstr "密码:"
+
+-#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
++#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
+ msgid "First Factor (Current Password): "
+-msgstr ""
++msgstr "第一因素(当前密码): "
+
+-#: src/sss_client/pam_sss.c:2349
++#: src/sss_client/pam_sss.c:2359
+ msgid "Current Password: "
+-msgstr ""
++msgstr "当前密码:"
+
+-#: src/sss_client/pam_sss.c:2704
++#: src/sss_client/pam_sss.c:2714
+ msgid "Password expired. Change your password now."
+-msgstr ""
++msgstr "密码已过期。立即更改密码。"
+
+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
+@@ -240,12 +2044,12 @@ msgstr ""
+ #: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
+ #: src/tools/sss_cache.c:719
+ msgid "The debug level to run with"
+-msgstr ""
++msgstr "要运行的调试级别"
+
+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
+ msgid "The SSSD domain to use"
+-msgstr ""
++msgstr "要使用的 SSSD 域"
+
+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
+ #: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
+@@ -253,27 +2057,27 @@ msgstr ""
+ #: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
+ #: src/tools/sss_cache.c:765
+ msgid "Error setting the locale\n"
+-msgstr ""
++msgstr "地区设置错误\n"
+
+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
+ msgid "Not enough memory\n"
+-msgstr ""
++msgstr "内存不足\n"
+
+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
+ msgid "User not specified\n"
+-msgstr ""
++msgstr "未指定用户\n"
+
+ #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
+ msgid "Error looking up public keys\n"
+-msgstr ""
++msgstr "查找公钥时出错\n"
+
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
+ msgid "The port to use to connect to the host"
+-msgstr ""
++msgstr "用于连接主机的端口"
+
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
+ msgid "Print the host ssh public keys"
+-msgstr ""
++msgstr "打印主机 ssh 公钥"
+
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
+ msgid "Invalid port\n"
+@@ -281,173 +2085,173 @@ msgstr "无效端口\n"
+
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
+ msgid "Host not specified\n"
+-msgstr ""
++msgstr "未指定主机\n"
+
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
+ msgid "The path to the proxy command must be absolute\n"
+-msgstr ""
++msgstr "到 proxy 命令的路径必须是绝对路径\n"
+
+ #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
+ #, c-format
+ msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
+-msgstr ""
++msgstr "sss_ssh_knownhostsproxy:无法解析主机名 %s\n"
+
+ #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
+ msgid "The UID of the user"
+-msgstr ""
++msgstr "用户的 UID"
+
+ #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
+ msgid "The comment string"
+-msgstr ""
++msgstr "注释字符串"
+
+ #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
+ msgid "Home directory"
+-msgstr ""
++msgstr "家目录"
+
+ #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
+ msgid "Login shell"
+-msgstr ""
++msgstr "登陆 shell"
+
+ #: src/tools/sss_useradd.c:53
+ msgid "Groups"
+-msgstr ""
++msgstr "组"
+
+ #: src/tools/sss_useradd.c:54
+ msgid "Create user's directory if it does not exist"
+-msgstr ""
++msgstr "创建用户目录(如果不存在)"
+
+ #: src/tools/sss_useradd.c:55
+ msgid "Never create user's directory, overrides config"
+-msgstr ""
++msgstr "不创建用户目录,覆盖配置"
+
+ #: src/tools/sss_useradd.c:56
+ msgid "Specify an alternative skeleton directory"
+-msgstr ""
++msgstr "指定一个备用的 skeleton 目录"
+
+ #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
+ msgid "The SELinux user for user's login"
+-msgstr ""
++msgstr "用于用户登录的 SELinux用户"
+
+ #: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
+ #: src/tools/sss_usermod.c:92
+ msgid "Specify group to add to\n"
+-msgstr ""
++msgstr "指定添加到的组\n"
+
+ #: src/tools/sss_useradd.c:111
+ msgid "Specify user to add\n"
+-msgstr ""
++msgstr "指定要添加的用户\n"
+
+ #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
+ #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
+ #: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
+ #: src/tools/sss_usermod.c:162
+ msgid "Error initializing the tools - no local domain\n"
+-msgstr ""
++msgstr "初始化工具时出错 - 没有本地域\n"
+
+ #: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
+ #: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
+ #: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
+ #: src/tools/sss_usermod.c:164
+ msgid "Error initializing the tools\n"
+-msgstr ""
++msgstr "初始化工具出错。\n"
+
+ #: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
+ #: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
+ #: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
+ #: src/tools/sss_usermod.c:173
+ msgid "Invalid domain specified in FQDN\n"
+-msgstr ""
++msgstr "FQDN 中指定的域无效\n"
+
+ #: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
+ #: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
+ #: src/tools/sss_usermod.c:226
+ msgid "Internal error while parsing parameters\n"
+-msgstr ""
++msgstr "解析参数时发生内部错误\n"
+
+ #: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
+ #: src/tools/sss_usermod.c:235
+ msgid "Groups must be in the same domain as user\n"
+-msgstr ""
++msgstr "组必须与用户在同一域中\n"
+
+ #: src/tools/sss_useradd.c:159
+ #, c-format
+ msgid "Cannot find group %1$s in local domain\n"
+-msgstr ""
++msgstr "无法在本的域中找到组 %1$s\n"
+
+ #: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
+ msgid "Cannot set default values\n"
+-msgstr ""
++msgstr "无法设置默认值\n"
+
+ #: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
+ msgid "The selected UID is outside the allowed range\n"
+-msgstr ""
++msgstr "所选的 UID 超出了允许范围\n"
+
+ #: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
+ msgid "Cannot set SELinux login context\n"
+-msgstr ""
++msgstr "无法设置 SELinux 登录上下文\n"
+
+ #: src/tools/sss_useradd.c:224
+ msgid "Cannot get info about the user\n"
+-msgstr ""
++msgstr "无法获得用户的信息\n"
+
+ #: src/tools/sss_useradd.c:236
+ msgid "User's home directory already exists, not copying data from skeldir\n"
+-msgstr ""
++msgstr "用户的家目录已存在,无法从 skeldir 复制数据\n"
+
+ #: src/tools/sss_useradd.c:239
+ #, c-format
+ msgid "Cannot create user's home directory: %1$s\n"
+-msgstr ""
++msgstr "无法创建用户的家目录:%1$s\n"
+
+ #: src/tools/sss_useradd.c:250
+ #, c-format
+ msgid "Cannot create user's mail spool: %1$s\n"
+-msgstr ""
++msgstr "无法创建用户的邮件 spool: %1$s\n"
+
+ #: src/tools/sss_useradd.c:270
+ msgid "Could not allocate ID for the user - domain full?\n"
+-msgstr ""
++msgstr "无法为用户分配 ID - 域已满?\n"
+
+ #: src/tools/sss_useradd.c:274
+ msgid "A user or group with the same name or ID already exists\n"
+-msgstr ""
++msgstr "具有相同名称或 ID 的用户或组已经存在\n"
+
+ #: src/tools/sss_useradd.c:280
+ msgid "Transaction error. Could not add user.\n"
+-msgstr ""
++msgstr "交易错误。无法添加用户。\n"
+
+ #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
+ msgid "The GID of the group"
+-msgstr ""
++msgstr "组的 GID"
+
+ #: src/tools/sss_groupadd.c:76
+ msgid "Specify group to add\n"
+-msgstr ""
++msgstr "指定添加的组\n"
+
+ #: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
+ msgid "The selected GID is outside the allowed range\n"
+-msgstr ""
++msgstr "所选的 GID 超出了允许范围\n"
+
+ #: src/tools/sss_groupadd.c:143
+ msgid "Could not allocate ID for the group - domain full?\n"
+-msgstr ""
++msgstr "无法为组分配 ID - 域已满?\n"
+
+ #: src/tools/sss_groupadd.c:147
+ msgid "A group with the same name or GID already exists\n"
+-msgstr ""
++msgstr "具有相同名称或 GID 的组已经存在\n"
+
+ #: src/tools/sss_groupadd.c:153
+ msgid "Transaction error. Could not add group.\n"
+-msgstr ""
++msgstr "交易错误。无法添加组。\n"
+
+ #: src/tools/sss_groupdel.c:70
+ msgid "Specify group to delete\n"
+-msgstr ""
++msgstr "指定删除的组\n"
+
+ #: src/tools/sss_groupdel.c:104
+ #, c-format
+ msgid "Group %1$s is outside the defined ID range for domain\n"
+-msgstr ""
++msgstr "组 %1$s 在域的定义 ID 范围之外\n"
+
+ #: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
+ #: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
+@@ -455,43 +2259,43 @@ msgstr ""
+ #: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
+ #, c-format
+ msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
+-msgstr ""
++msgstr "NSS 请求失败(%1$d)。条目可能保留在内存缓存中。\n"
+
+ #: src/tools/sss_groupdel.c:132
+ msgid ""
+-"No such group in local domain. Removing groups only allowed in local "
+-"domain.\n"
+-msgstr ""
++"No such group in local domain. Removing groups only allowed in local domain."
++"\n"
++msgstr "本地域中没有这样的组。只在本地域中允许删除组。\n"
+
+ #: src/tools/sss_groupdel.c:137
+ msgid "Internal error. Could not remove group.\n"
+-msgstr ""
++msgstr "内部错误。无法删除组。\n"
+
+ #: src/tools/sss_groupmod.c:44
+ msgid "Groups to add this group to"
+-msgstr ""
++msgstr "把这个组添加到的组"
+
+ #: src/tools/sss_groupmod.c:46
+ msgid "Groups to remove this group from"
+-msgstr ""
++msgstr "要从中删除该组的组"
+
+ #: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
+ msgid "Specify group to remove from\n"
+-msgstr ""
++msgstr "指定要从中删除的组\n"
+
+ #: src/tools/sss_groupmod.c:101
+ msgid "Specify group to modify\n"
+-msgstr ""
++msgstr "指定修改的组\n"
+
+ #: src/tools/sss_groupmod.c:130
+ msgid ""
+ "Cannot find group in local domain, modifying groups is allowed only in local "
+ "domain\n"
+-msgstr ""
++msgstr "在本地域中找不到组,仅允许在本地域中修改组\n"
+
+ #: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
+ msgid "Member groups must be in the same domain as parent group\n"
+-msgstr ""
++msgstr "成员组必须与父组在同一域中\n"
+
+ #: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
+ #: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
+@@ -499,456 +2303,456 @@ msgstr ""
+ msgid ""
+ "Cannot find group %1$s in local domain, only groups in local domain are "
+ "allowed\n"
+-msgstr ""
++msgstr "无法在本地域中找到组 %1$s,只允许在本地域中的组\n"
+
+ #: src/tools/sss_groupmod.c:257
+ msgid "Could not modify group - check if member group names are correct\n"
+-msgstr ""
++msgstr "无法修改组 - 检查成员组名称是否正确\n"
+
+ #: src/tools/sss_groupmod.c:261
+ msgid "Could not modify group - check if groupname is correct\n"
+-msgstr ""
++msgstr " 无法修改组 - 检查组名是否正确\n"
+
+ #: src/tools/sss_groupmod.c:265
+ msgid "Transaction error. Could not modify group.\n"
+-msgstr ""
++msgstr "交易错误。无法修改组。\n"
+
+ #: src/tools/sss_groupshow.c:616
+ msgid "Magic Private "
+-msgstr ""
++msgstr "Magic Private "
+
+ #: src/tools/sss_groupshow.c:615
+ #, c-format
+ msgid "%1$s%2$sGroup: %3$s\n"
+-msgstr ""
++msgstr "%1$s%2$sGroup: %3$s\n"
+
+ #: src/tools/sss_groupshow.c:618
+ #, c-format
+ msgid "%1$sGID number: %2$d\n"
+-msgstr ""
++msgstr "%1$sGID 号:%2$d\n"
+
+ #: src/tools/sss_groupshow.c:620
+ #, c-format
+ msgid "%1$sMember users: "
+-msgstr ""
++msgstr "%1$sMember 用户:"
+
+ #: src/tools/sss_groupshow.c:627
+ #, c-format
+-msgid ""
+-"\n"
++msgid "\n"
+ "%1$sIs a member of: "
+-msgstr ""
++msgstr "\n"
++"%1$sIs 一个成员:"
+
+ #: src/tools/sss_groupshow.c:634
+ #, c-format
+-msgid ""
+-"\n"
++msgid "\n"
+ "%1$sMember groups: "
+-msgstr ""
++msgstr "\n"
++"%1$sMember 组:"
+
+ #: src/tools/sss_groupshow.c:670
+ msgid "Print indirect group members recursively"
+-msgstr ""
++msgstr "递归打印间接组成员"
+
+ #: src/tools/sss_groupshow.c:704
+ msgid "Specify group to show\n"
+-msgstr ""
++msgstr "指定显示的组\n"
+
+ #: src/tools/sss_groupshow.c:744
+ msgid ""
+-"No such group in local domain. Printing groups only allowed in local "
+-"domain.\n"
+-msgstr ""
++"No such group in local domain. Printing groups only allowed in local domain."
++"\n"
++msgstr "本地域中没有这样的组。只在本地域中允许打印组。\n"
+
+ #: src/tools/sss_groupshow.c:749
+ msgid "Internal error. Could not print group.\n"
+-msgstr ""
++msgstr "内部错误。无法打印组。\n"
+
+ #: src/tools/sss_userdel.c:138
+ msgid "Remove home directory and mail spool"
+-msgstr ""
++msgstr "删除主目录和邮件假脱机"
+
+ #: src/tools/sss_userdel.c:140
+ msgid "Do not remove home directory and mail spool"
+-msgstr ""
++msgstr "不删除主目录和邮件假脱机"
+
+ #: src/tools/sss_userdel.c:142
+ msgid "Force removal of files not owned by the user"
+-msgstr ""
++msgstr "用户不允许强制删除文件"
+
+ #: src/tools/sss_userdel.c:144
+ msgid "Kill users' processes before removing him"
+-msgstr ""
++msgstr "在删除用户前终止用户的进程"
+
+ #: src/tools/sss_userdel.c:190
+ msgid "Specify user to delete\n"
+-msgstr ""
++msgstr "指定删除的用户\n"
+
+ #: src/tools/sss_userdel.c:236
+ #, c-format
+ msgid "User %1$s is outside the defined ID range for domain\n"
+-msgstr ""
++msgstr "用户 %1$s 在域的定义 ID 范围之外\n"
+
+ #: src/tools/sss_userdel.c:261
+ msgid "Cannot reset SELinux login context\n"
+-msgstr ""
++msgstr "无法重新设置 SELinux 登录上下文\n"
+
+ #: src/tools/sss_userdel.c:273
+ #, c-format
+ msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
+-msgstr ""
++msgstr "警告:用户(uid %1$lu )在删除后仍处于登录状态。\n"
+
+ #: src/tools/sss_userdel.c:278
+ msgid "Cannot determine if the user was logged in on this platform"
+-msgstr ""
++msgstr "无法确定用户是否已在此平台上登录"
+
+ #: src/tools/sss_userdel.c:283
+ msgid "Error while checking if the user was logged in\n"
+-msgstr ""
++msgstr "检查用户是否登录时出错\n"
+
+ #: src/tools/sss_userdel.c:290
+ #, c-format
+ msgid "The post-delete command failed: %1$s\n"
+-msgstr ""
++msgstr "后删除命令失败: %1$s\n"
+
+ #: src/tools/sss_userdel.c:310
+ msgid "Not removing home dir - not owned by user\n"
+-msgstr ""
++msgstr "没有删除主目录 - 不归用户所有\n"
+
+ #: src/tools/sss_userdel.c:312
+ #, c-format
+ msgid "Cannot remove homedir: %1$s\n"
+-msgstr ""
++msgstr "无法删除主目录:%1$s\n"
+
+ #: src/tools/sss_userdel.c:326
+ msgid ""
+ "No such user in local domain. Removing users only allowed in local domain.\n"
+-msgstr ""
++msgstr "本地域中没有这样的用户。只在本地域中允许删除用户。\n"
+
+ #: src/tools/sss_userdel.c:331
+ msgid "Internal error. Could not remove user.\n"
+-msgstr ""
++msgstr "内部错误。无法删除用户。\n"
+
+ #: src/tools/sss_usermod.c:49
+ msgid "The GID of the user"
+-msgstr ""
++msgstr "用户的 GID"
+
+ #: src/tools/sss_usermod.c:53
+ msgid "Groups to add this user to"
+-msgstr ""
++msgstr "这个用户加入的组"
+
+ #: src/tools/sss_usermod.c:54
+ msgid "Groups to remove this user from"
+-msgstr ""
++msgstr "要从中删除该用户的组"
+
+ #: src/tools/sss_usermod.c:55
+ msgid "Lock the account"
+-msgstr ""
++msgstr "锁定账户"
+
+ #: src/tools/sss_usermod.c:56
+ msgid "Unlock the account"
+-msgstr ""
++msgstr "解锁账户"
+
+ #: src/tools/sss_usermod.c:57
+ msgid "Add an attribute/value pair. The format is attrname=value."
+-msgstr ""
++msgstr "添加一个属性/值对。格式为 attrname=value。"
+
+ #: src/tools/sss_usermod.c:58
+ msgid "Delete an attribute/value pair. The format is attrname=value."
+-msgstr ""
++msgstr "删除一个属性/值对。格式为 attrname=value。"
+
+ #: src/tools/sss_usermod.c:59
+ msgid ""
+ "Set an attribute to a name/value pair. The format is attrname=value. For "
+ "multi-valued attributes, the command replaces the values already present"
+-msgstr ""
++msgstr "将属性设置为名称/值对。格式为 attrname=value。对于多值属性,替换值的命令已存在。"
+
+ #: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
+ #: src/tools/sss_usermod.c:135
+ msgid "Specify the attribute name/value pair(s)\n"
+-msgstr ""
++msgstr "指定属性名称/值对\n"
+
+ #: src/tools/sss_usermod.c:152
+ msgid "Specify user to modify\n"
+-msgstr ""
++msgstr "指定要修改的用户\n"
+
+ #: src/tools/sss_usermod.c:180
+ msgid ""
+ "Cannot find user in local domain, modifying users is allowed only in local "
+ "domain\n"
+-msgstr ""
++msgstr "在本地域中找不到用户,仅允许在本地域中修改用户\n"
+
+ #: src/tools/sss_usermod.c:322
+ msgid "Could not modify user - check if group names are correct\n"
+-msgstr ""
++msgstr "无法修改用户 - 检查组名称是否正确\n"
+
+ #: src/tools/sss_usermod.c:326
+ msgid "Could not modify user - user already member of groups?\n"
+-msgstr ""
++msgstr "无法修改用户 - 用户是否已是组成员?\n"
+
+ #: src/tools/sss_usermod.c:330
+ msgid "Transaction error. Could not modify user.\n"
+-msgstr ""
++msgstr "交易错误。无法修改用户。\n"
+
+ #: src/tools/sss_cache.c:245
+ msgid "No cache object matched the specified search\n"
+-msgstr ""
++msgstr "没有符合指定搜索条件的缓存对象\n"
+
+ #: src/tools/sss_cache.c:536
+ #, c-format
+ msgid "Couldn't invalidate %1$s\n"
+-msgstr ""
++msgstr "无法使 %1$s 无效\n"
+
+ #: src/tools/sss_cache.c:543
+ #, c-format
+ msgid "Couldn't invalidate %1$s %2$s\n"
+-msgstr ""
++msgstr "无法使 %1$s %2$s 无效\n"
+
+ #: src/tools/sss_cache.c:721
+ msgid "Invalidate all cached entries"
+-msgstr ""
++msgstr "使所有缓存的条目无效"
+
+ #: src/tools/sss_cache.c:723
+ msgid "Invalidate particular user"
+-msgstr ""
++msgstr "使特定用户无效"
+
+ #: src/tools/sss_cache.c:725
+ msgid "Invalidate all users"
+-msgstr ""
++msgstr "使所有用户无效"
+
+ #: src/tools/sss_cache.c:727
+ msgid "Invalidate particular group"
+-msgstr ""
++msgstr "使特定组无效"
+
+ #: src/tools/sss_cache.c:729
+ msgid "Invalidate all groups"
+-msgstr ""
++msgstr "使所有组无效"
+
+ #: src/tools/sss_cache.c:731
+ msgid "Invalidate particular netgroup"
+-msgstr ""
++msgstr "使特定 netgroup 无效"
+
+ #: src/tools/sss_cache.c:733
+ msgid "Invalidate all netgroups"
+-msgstr ""
++msgstr "使所有 netgroup 无效"
+
+ #: src/tools/sss_cache.c:735
+ msgid "Invalidate particular service"
+-msgstr ""
++msgstr "使特定服务无效"
+
+ #: src/tools/sss_cache.c:737
+ msgid "Invalidate all services"
+-msgstr ""
++msgstr "使所有服务无效"
+
+ #: src/tools/sss_cache.c:740
+ msgid "Invalidate particular autofs map"
+-msgstr ""
++msgstr "使特定 autofs 映射无效"
+
+ #: src/tools/sss_cache.c:742
+ msgid "Invalidate all autofs maps"
+-msgstr ""
++msgstr "使所有 autofs 映射无效"
+
+ #: src/tools/sss_cache.c:746
+ msgid "Invalidate particular SSH host"
+-msgstr ""
++msgstr "使特定 SSH 主机无效"
+
+ #: src/tools/sss_cache.c:748
+ msgid "Invalidate all SSH hosts"
+-msgstr ""
++msgstr "使所有 SSH 主机无效"
+
+ #: src/tools/sss_cache.c:752
+ msgid "Invalidate particular sudo rule"
+-msgstr ""
++msgstr "使特定 sudo 规则无效"
+
+ #: src/tools/sss_cache.c:754
+ msgid "Invalidate all cached sudo rules"
+-msgstr ""
++msgstr "使所有缓存的 sudo 规则无效"
+
+ #: src/tools/sss_cache.c:757
+ msgid "Only invalidate entries from a particular domain"
+-msgstr ""
++msgstr "使来自特定域的项无效"
+
+ #: src/tools/sss_cache.c:811
+ msgid ""
+ "Unexpected argument(s) provided, options that invalidate a single object "
+ "only accept a single provided argument.\n"
+-msgstr ""
++msgstr "提供了意外的参数,使单个对象无效的选项仅接受单个参数。\n"
+
+ #: src/tools/sss_cache.c:821
+ msgid "Please select at least one object to invalidate\n"
+-msgstr ""
++msgstr "请选择至少一个对象以使其无效\n"
+
+ #: src/tools/sss_cache.c:904
+ #, c-format
+ msgid ""
+ "Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
+ "use fully qualified name instead of --domain/-d parameter.\n"
+-msgstr ""
++msgstr "无法打开域 %1$s 。如果域是子域(受信任的域),请使用完全限定名而不是 --domain/-d 参数。\n"
+
+ #: src/tools/sss_cache.c:909
+ msgid "Could not open available domains\n"
+-msgstr ""
++msgstr "无法打开可用域\n"
+
+ #: src/tools/tools_util.c:202
+ #, c-format
+ msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
+-msgstr ""
++msgstr "名称 '%1$s' 似乎不是 FQDN(设置了 '%2$s =TRUE‘)\n"
+
+ #: src/tools/tools_util.c:309
+ msgid "Out of memory\n"
+-msgstr ""
++msgstr "无可用内存\n"
+
+ #: src/tools/tools_util.h:40
+ #, c-format
+ msgid "%1$s must be run as root\n"
+-msgstr ""
++msgstr "%1$s 必须以 root 运行\n"
+
+ #: src/tools/sssctl/sssctl.c:35
+ msgid "yes"
+-msgstr ""
++msgstr "是"
+
+ #: src/tools/sssctl/sssctl.c:37
+ msgid "no"
+-msgstr ""
++msgstr "否"
+
+ #: src/tools/sssctl/sssctl.c:39
+ msgid "error"
+-msgstr ""
++msgstr "错误"
+
+ #: src/tools/sssctl/sssctl.c:42
+ msgid "Invalid result."
+-msgstr ""
++msgstr "结果无效。"
+
+ #: src/tools/sssctl/sssctl.c:78
+ msgid "Unable to read user input\n"
+-msgstr ""
++msgstr "无法读取用户输入\n"
+
+ #: src/tools/sssctl/sssctl.c:91
+ #, c-format
+ msgid "Invalid input, please provide either '%s' or '%s'.\n"
+-msgstr ""
++msgstr "无效输入,请提供 '%s' 或 '%s'。\n"
+
+ #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
+ msgid "Error while executing external command\n"
+-msgstr ""
++msgstr "执行外部命令时出错\n"
+
+ #: src/tools/sssctl/sssctl.c:156
+ msgid "SSSD needs to be running. Start SSSD now?"
+-msgstr ""
++msgstr "需要运行 SSSD。现在启动 SSSD?"
+
+ #: src/tools/sssctl/sssctl.c:195
+ msgid "SSSD must not be running. Stop SSSD now?"
+-msgstr ""
++msgstr "SSSD 不能运行。现在停止 SSSD?"
+
+ #: src/tools/sssctl/sssctl.c:231
+ msgid "SSSD needs to be restarted. Restart SSSD now?"
+-msgstr ""
++msgstr "需要重新运行 SSSD。现在重新运行 SSSD?"
+
+ #: src/tools/sssctl/sssctl_cache.c:31
+ #, c-format
+ msgid " %s is not present in cache.\n"
+-msgstr ""
++msgstr " %s 没有存在于缓存中。\n"
+
+ #: src/tools/sssctl/sssctl_cache.c:33
+ msgid "Name"
+-msgstr ""
++msgstr "名称"
+
+ #: src/tools/sssctl/sssctl_cache.c:34
+ msgid "Cache entry creation date"
+-msgstr ""
++msgstr "缓存条目创建日期"
+
+ #: src/tools/sssctl/sssctl_cache.c:35
+ msgid "Cache entry last update time"
+-msgstr ""
++msgstr "缓存条目最新更新的时间"
+
+ #: src/tools/sssctl/sssctl_cache.c:36
+ msgid "Cache entry expiration time"
+-msgstr ""
++msgstr "缓存条目过期的时间"
+
+ #: src/tools/sssctl/sssctl_cache.c:37
+ msgid "Cached in InfoPipe"
+-msgstr ""
++msgstr "在 InfoPipe 中缓存"
+
+ #: src/tools/sssctl/sssctl_cache.c:522
+ #, c-format
+ msgid "Error: Unable to get object [%d]: %s\n"
+-msgstr ""
++msgstr "错误:无法获得对象 [%d]: %s\n"
+
+ #: src/tools/sssctl/sssctl_cache.c:538
+ #, c-format
+ msgid "%s: Unable to read value [%d]: %s\n"
+-msgstr ""
++msgstr "%s: 无法读取值 [%d]: %s\n"
+
+ #: src/tools/sssctl/sssctl_cache.c:566
+ msgid "Specify name."
+-msgstr ""
++msgstr "指定名称。"
+
+ #: src/tools/sssctl/sssctl_cache.c:576
+ #, c-format
+ msgid "Unable to parse name %s.\n"
+-msgstr ""
++msgstr "无法解析名称 %s 。\n"
+
+ #: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
+ msgid "Search by SID"
+-msgstr ""
++msgstr "使用 SID 搜索"
+
+ #: src/tools/sssctl/sssctl_cache.c:603
+ msgid "Search by user ID"
+-msgstr ""
++msgstr "使用用户 ID 搜索"
+
+ #: src/tools/sssctl/sssctl_cache.c:612
+ msgid "Initgroups expiration time"
+-msgstr ""
++msgstr "Initgroups 过期时间"
+
+ #: src/tools/sssctl/sssctl_cache.c:650
+ msgid "Search by group ID"
+-msgstr ""
++msgstr "使用组 ID 搜索"
+
+-#: src/tools/sssctl/sssctl_config.c:70
++#: src/tools/sssctl/sssctl_config.c:112
+ #, c-format
+ msgid "Failed to open %s\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:75
++#: src/tools/sssctl/sssctl_config.c:117
+ #, c-format
+ msgid "File %1$s does not exist.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:79
++#: src/tools/sssctl/sssctl_config.c:121
+ msgid ""
+ "File ownership and permissions check failed. Expected root:root and 0600.\n"
+-msgstr ""
++msgstr "文件所有权和权限检查失败。预期的是 root:root 和 0600。\n"
+
+-#: src/tools/sssctl/sssctl_config.c:85
++#: src/tools/sssctl/sssctl_config.c:127
+ #, c-format
+ msgid "Failed to load configuration from %s.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:91
++#: src/tools/sssctl/sssctl_config.c:133
+ msgid "Error while reading configuration directory.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:99
++#: src/tools/sssctl/sssctl_config.c:141
+ msgid ""
+ "There is no configuration. SSSD will use default configuration with files "
+ "provider.\n"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:111
++#: src/tools/sssctl/sssctl_config.c:153
+ msgid "Failed to run validators"
+ msgstr ""
+
+-#: src/tools/sssctl/sssctl_config.c:115
++#: src/tools/sssctl/sssctl_config.c:157
+ #, c-format
+ msgid "Issues identified by validators: %zu\n"
+-msgstr ""
++msgstr "验证者发现了问题: %zu\n"
+
+-#: src/tools/sssctl/sssctl_config.c:126
++#: src/tools/sssctl/sssctl_config.c:168
+ #, c-format
+ msgid "Messages generated during configuration merging: %zu\n"
+-msgstr ""
++msgstr "配置合并期间生成的消息: %zu\n"
+
+-#: src/tools/sssctl/sssctl_config.c:137
++#: src/tools/sssctl/sssctl_config.c:179
+ #, c-format
+ msgid "Used configuration snippet files: %zu\n"
+ msgstr ""
+@@ -956,76 +2760,76 @@ msgstr ""
+ #: src/tools/sssctl/sssctl_data.c:89
+ #, c-format
+ msgid "Unable to create backup directory [%d]: %s"
+-msgstr ""
++msgstr "无法创建备份目录 [%d]: %s"
+
+ #: src/tools/sssctl/sssctl_data.c:95
+ msgid "SSSD backup of local data already exists, override?"
+-msgstr ""
++msgstr "SSSD 本地数据备份已经存在,可以覆盖吗?"
+
+ #: src/tools/sssctl/sssctl_data.c:111
+ msgid "Unable to export user overrides\n"
+-msgstr ""
++msgstr "无法导出用户覆盖\n"
+
+ #: src/tools/sssctl/sssctl_data.c:118
+ msgid "Unable to export group overrides\n"
+-msgstr ""
++msgstr "无法导出组覆盖\n"
+
+ #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
+ msgid "Override existing backup"
+-msgstr ""
++msgstr "覆盖现有的备份"
+
+ #: src/tools/sssctl/sssctl_data.c:164
+ msgid "Unable to import user overrides\n"
+-msgstr ""
++msgstr "无法导入用户覆盖\n"
+
+ #: src/tools/sssctl/sssctl_data.c:173
+ msgid "Unable to import group overrides\n"
+-msgstr ""
++msgstr "无法导入组覆盖\n"
+
+ #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
+ #: src/tools/sssctl/sssctl_domains.c:328
+ msgid "Start SSSD if it is not running"
+-msgstr ""
++msgstr "如果未运行,启动 SSSD"
+
+ #: src/tools/sssctl/sssctl_data.c:195
+ msgid "Restart SSSD after data import"
+-msgstr ""
++msgstr "数据导入后重新启动 SSSD"
+
+ #: src/tools/sssctl/sssctl_data.c:218
+ msgid "Create clean cache files and import local data"
+-msgstr ""
++msgstr "创建干净的缓存文件并导入本地数据"
+
+ #: src/tools/sssctl/sssctl_data.c:219
+ msgid "Stop SSSD before removing the cache"
+-msgstr ""
++msgstr "在删除缓存之前停止 SSSD"
+
+ #: src/tools/sssctl/sssctl_data.c:220
+ msgid "Start SSSD when the cache is removed"
+-msgstr ""
++msgstr "删除缓存后启动 SSSD"
+
+ #: src/tools/sssctl/sssctl_data.c:235
+ msgid "Creating backup of local data...\n"
+-msgstr ""
++msgstr "正在创建本地数据备份...\n"
+
+ #: src/tools/sssctl/sssctl_data.c:238
+ msgid "Unable to create backup of local data, can not remove the cache.\n"
+-msgstr ""
++msgstr "无法创建本地数据备份,无法删除缓存。\n"
+
+ #: src/tools/sssctl/sssctl_data.c:243
+ msgid "Removing cache files...\n"
+-msgstr ""
++msgstr "删除缓存文件...\n"
+
+ #: src/tools/sssctl/sssctl_data.c:246
+ msgid "Unable to remove cache files\n"
+-msgstr ""
++msgstr "无法删除缓存文件\n"
+
+ #: src/tools/sssctl/sssctl_data.c:251
+ msgid "Restoring local data...\n"
+-msgstr ""
++msgstr "恢复本地数据...\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:83
+ msgid "Show domain list including primary or trusted domain type"
+-msgstr ""
++msgstr "显示域列表,包括主要或受信任的域类型"
+
+ #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
+ #: src/tools/sssctl/sssctl_user_checks.c:95
+@@ -1034,16 +2838,16 @@ msgstr ""
+
+ #: src/tools/sssctl/sssctl_domains.c:167
+ msgid "Online"
+-msgstr ""
++msgstr "在线"
+
+ #: src/tools/sssctl/sssctl_domains.c:167
+ msgid "Offline"
+-msgstr ""
++msgstr "离线"
+
+ #: src/tools/sssctl/sssctl_domains.c:167
+ #, c-format
+ msgid "Online status: %s\n"
+-msgstr ""
++msgstr "在线状态: %s\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:213
+ msgid "This domain has no active servers.\n"
+@@ -1051,11 +2855,11 @@ msgstr ""
+
+ #: src/tools/sssctl/sssctl_domains.c:218
+ msgid "Active servers:\n"
+-msgstr ""
++msgstr "活动服务器:\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:230
+ msgid "not connected"
+-msgstr ""
++msgstr "未连接"
+
+ #: src/tools/sssctl/sssctl_domains.c:267
+ msgid "No servers discovered.\n"
+@@ -1064,307 +2868,285 @@ msgstr ""
+ #: src/tools/sssctl/sssctl_domains.c:273
+ #, c-format
+ msgid "Discovered %s servers:\n"
+-msgstr ""
++msgstr "发现的 %s 服务器:\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:285
+ msgid "None so far.\n"
+-msgstr ""
++msgstr "到目前为止没有。\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:325
+ msgid "Show online status"
+-msgstr ""
++msgstr "显示在线状态"
+
+ #: src/tools/sssctl/sssctl_domains.c:326
+ msgid "Show information about active server"
+-msgstr ""
++msgstr "显示有关活动服务器的信息"
+
+ #: src/tools/sssctl/sssctl_domains.c:327
+ msgid "Show list of discovered servers"
+-msgstr ""
++msgstr "显示发现的服务器列表"
+
+ #: src/tools/sssctl/sssctl_domains.c:333
+ msgid "Specify domain name."
+-msgstr ""
++msgstr "指定域名。"
+
+ #: src/tools/sssctl/sssctl_domains.c:355
+ msgid "Out of memory!\n"
+-msgstr ""
++msgstr "无可用的内存!\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
+ msgid "Unable to get online status\n"
+-msgstr ""
++msgstr "无法获得在线状态\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:395
+ msgid "Unable to get server list\n"
+-msgstr ""
++msgstr "无法获取服务器列表\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:46
+ msgid "\n"
+-msgstr ""
++msgstr "\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:236
+ msgid "Delete log files instead of truncating"
+-msgstr ""
++msgstr "删除日志文件而不是截断"
+
+ #: src/tools/sssctl/sssctl_logs.c:247
+ msgid "Deleting log files...\n"
+-msgstr ""
++msgstr "删除日志文件...\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:250
+ msgid "Unable to remove log files\n"
+-msgstr ""
++msgstr "无法删除日志文件\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:256
+ msgid "Truncating log files...\n"
+-msgstr ""
++msgstr "截断日志文件...\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:259
+ msgid "Unable to truncate log files\n"
+-msgstr ""
++msgstr "无法截断日志文件\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:285
+ msgid "Out of memory!"
+-msgstr ""
++msgstr "无可用的内存!"
+
+ #: src/tools/sssctl/sssctl_logs.c:288
+ #, c-format
+ msgid "Archiving log files into %s...\n"
+-msgstr ""
++msgstr "将日志文件归档到 %s ...\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:291
+ msgid "Unable to archive log files\n"
+-msgstr ""
++msgstr "无法归档日志文件\n"
+
+ #: src/tools/sssctl/sssctl_logs.c:316
+ msgid "Specify debug level you want to set"
+-msgstr ""
++msgstr "指定要设置的调试级别"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:117
+ msgid "SSSD InfoPipe user lookup result:\n"
+-msgstr ""
++msgstr "SSSD InfoPipe 用户查找结果:\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:167
+ #, c-format
+ msgid "dlopen failed with [%s].\n"
+-msgstr ""
++msgstr "dlopen 失败 [%s]。\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:174
+ #, c-format
+ msgid "dlsym failed with [%s].\n"
+-msgstr ""
++msgstr "dlsym 失败 [%s]。\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:182
+ msgid "malloc failed.\n"
+-msgstr ""
++msgstr "malloc 失败。\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:189
+ #, c-format
+ msgid "sss_getpwnam_r failed with [%d].\n"
+-msgstr ""
++msgstr "sss_getpwnam_r 失败 [%d]。\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:194
+ msgid "SSSD nss user lookup result:\n"
+-msgstr ""
++msgstr "SSSD nss 用户查找结果:\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:195
+ #, c-format
+ msgid " - user name: %s\n"
+-msgstr ""
++msgstr " - 用户名 : %s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:196
+ #, c-format
+ msgid " - user id: %d\n"
+-msgstr ""
++msgstr " - 用户 id: %d\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:197
+ #, c-format
+ msgid " - group id: %d\n"
+-msgstr ""
++msgstr " - 组 id: %d\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:198
+ #, c-format
+ msgid " - gecos: %s\n"
+-msgstr ""
++msgstr " - gecos: %s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:199
+ #, c-format
+ msgid " - home directory: %s\n"
+-msgstr ""
++msgstr " - 家目录 : %s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:200
+ #, c-format
+-msgid ""
+-" - shell: %s\n"
++msgid " - shell: %s\n"
++"\n"
++msgstr " - shell: %s\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:232
+ msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
+-msgstr ""
++msgstr "PAM 操作 [auth|acct|setc|chau|open|clos],默认:"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:235
+ msgid "PAM service, default: "
+-msgstr ""
++msgstr "PAM 服务,默认:"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:240
+ msgid "Specify user name."
+-msgstr ""
++msgstr "指定用户名。"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:247
+ #, c-format
+-msgid ""
+-"user: %s\n"
++msgid "user: %s\n"
+ "action: %s\n"
+ "service: %s\n"
+ "\n"
+-msgstr ""
++msgstr "用户:%s\n"
++"操作:%s\n"
++"服务:%s\n"
++"\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:252
+ #, c-format
+ msgid "User name lookup with [%s] failed.\n"
+-msgstr ""
++msgstr "使用 [%s] 进行用户名查找失败。\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:257
+ #, c-format
+ msgid "InfoPipe User lookup with [%s] failed.\n"
+-msgstr ""
++msgstr "使用 [%s] 进行 InfoPipe 用户查找失败。\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:263
+ #, c-format
+ msgid "pam_start failed: %s\n"
+-msgstr ""
++msgstr "pam_start 失败:%s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:268
+-msgid ""
+-"testing pam_authenticate\n"
++msgid "testing pam_authenticate\n"
++"\n"
++msgstr "testing pam_authenticate\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:272
+ #, c-format
+ msgid "pam_get_item failed: %s\n"
+-msgstr ""
++msgstr "pam_get_item 失败:%s\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:275
+ #, c-format
+-msgid ""
+-"pam_authenticate for user [%s]: %s\n"
++msgid "pam_authenticate for user [%s]: %s\n"
++"\n"
++msgstr "pam_authenticate 用户 [%s]: %s\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:278
+-msgid ""
+-"testing pam_chauthtok\n"
++msgid "testing pam_chauthtok\n"
++"\n"
++msgstr "testing pam_chauthtok\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:280
+ #, c-format
+-msgid ""
+-"pam_chauthtok: %s\n"
++msgid "pam_chauthtok: %s\n"
++"\n"
++msgstr "pam_chauthtok: %s\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:282
+-msgid ""
+-"testing pam_acct_mgmt\n"
++msgid "testing pam_acct_mgmt\n"
++"\n"
++msgstr "测试 pam_acct_mgmt\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:284
+ #, c-format
+-msgid ""
+-"pam_acct_mgmt: %s\n"
++msgid "pam_acct_mgmt: %s\n"
++"\n"
++msgstr "pam_acct_mgmt: %s\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:286
+-msgid ""
+-"testing pam_setcred\n"
++msgid "testing pam_setcred\n"
++"\n"
++msgstr "测试 pam_setcred\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:288
+ #, c-format
+-msgid ""
+-"pam_setcred: [%s]\n"
++msgid "pam_setcred: [%s]\n"
++"\n"
++msgstr "pam_setcred: [%s]\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:290
+-msgid ""
+-"testing pam_open_session\n"
++msgid "testing pam_open_session\n"
++"\n"
++msgstr "测试 pam_open_session\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:292
+ #, c-format
+-msgid ""
+-"pam_open_session: %s\n"
++msgid "pam_open_session: %s\n"
++"\n"
++msgstr "pam_open_session: %s\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:294
+-msgid ""
+-"testing pam_close_session\n"
++msgid "testing pam_close_session\n"
++"\n"
++msgstr "testing pam_close_session\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:296
+ #, c-format
+-msgid ""
+-"pam_close_session: %s\n"
++msgid "pam_close_session: %s\n"
++"\n"
++msgstr "pam_close_session: %s\n"
+ "\n"
+-msgstr ""
+
+ #: src/tools/sssctl/sssctl_user_checks.c:298
+ msgid "unknown action\n"
+-msgstr ""
++msgstr "未知操作\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:301
+ msgid "PAM Environment:\n"
+-msgstr ""
++msgstr "PAM 环境:\n"
+
+ #: src/tools/sssctl/sssctl_user_checks.c:309
+ msgid " - no env -\n"
+-msgstr ""
++msgstr " -没有环境-\n"
+
+ #: src/util/util.h:82
+ msgid "The user ID to run the server as"
+-msgstr ""
++msgstr "运行服务器的用户 ID"
+
+ #: src/util/util.h:84
+ msgid "The group ID to run the server as"
+-msgstr ""
++msgstr "运行服务器的组 ID"
+
+ #: src/util/util.h:92
+ msgid "Informs that the responder has been socket-activated"
+-msgstr ""
++msgstr "通知响应者已被套接字激活"
+
+ #: src/util/util.h:94
+ msgid "Informs that the responder has been dbus-activated"
+-msgstr ""
+-
+-#~ msgid "Set the verbosity of the debug logging"
+-#~ msgstr "设定调试日志记录等级"
+-
+-#~ msgid "Include timestamps in debug logs"
+-#~ msgstr "在调试日志中包含时间戳"
+-
+-#~ msgid "Write debug messages to logfiles"
+-#~ msgstr "写入调试信息到日志文件"
+-
+-#~ msgid "Command to start service"
+-#~ msgstr "启动服务命令"
+-
+-#~ msgid "IPA server address"
+-#~ msgstr "IPA 服务器地址"
+-
+-#~ msgid "Address of backup IPA server"
+-#~ msgstr "IPA 备份服务器地址"
+-
+-#~ msgid "Kerberos server address"
+-#~ msgstr "Kerberos 服务器地址"
+-
+-#~ msgid "Authentication timeout"
+-#~ msgstr "验证超时"
++msgstr "通知响应者已被 dbus 激活"
+--
+2.21.3
+
diff --git a/SOURCES/0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch b/SOURCES/0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch
new file mode 100644
index 0000000..81d4709
--- /dev/null
+++ b/SOURCES/0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch
@@ -0,0 +1,1537 @@
+From 7de6754738f61080b3520c4c7add6d627877eb27 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 24 Jul 2020 12:13:39 +0200
+Subject: [PATCH] Updated translation files: Japanese, Chinese (China), French
+
+---
+ po/fr.po | 152 +++++++++++++++++++++++++++++++++++-----------
+ po/ja.po | 124 +++++++++++++++++++++-----------------
+ po/zh_CN.po | 170 +++++++++++++++++++++++++++-------------------------
+ 3 files changed, 277 insertions(+), 169 deletions(-)
+
+diff --git a/po/fr.po b/po/fr.po
+index 198c757e8..6119909e9 100644
+--- a/po/fr.po
++++ b/po/fr.po
+@@ -1,13 +1,12 @@
+ # SOME DESCRIPTIVE TITLE.
+ # Copyright (C) YEAR Red Hat, Inc.
+ # This file is distributed under the same license as the PACKAGE package.
+-#
++#
+ # Translators:
+ # Fabien Archambault <marbolangos@gmail.com>, 2012
+ # Jérôme Fenal <jfenal@gmail.com>, 2012-2014
+ # Fabien Archambault <marbolangos@gmail.com>, 2012
+ # Mariko Vincent <dweu60@gmail.com>, 2012
+-# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
+ # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
+ # Ludek Janda <ljanda@redhat.com>, 2020. #zanata
+ # Pavel Brezina <pbrezina@redhat.com>, 2020. #zanata
+@@ -19,8 +18,8 @@ msgstr ""
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+-"PO-Revision-Date: 2020-05-19 10:07+0000\n"
+-"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
++"PO-Revision-Date: 2020-07-22 07:46-0400\n"
++"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+ "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/fr/"
+ ")\n"
+ "Language: fr\n"
+@@ -84,12 +83,18 @@ msgid ""
+ "is in seconds and calculated by the following: offline_timeout + "
+ "random_offset."
+ msgstr ""
++"Lorsque le SSSD passe en mode hors ligne, le temps qui s’écoule avant qu'il "
++"ne tente de se reconnecter augmente en fonction du temps passé hors ligne. "
++"Cette valeur est exprimée en secondes et calculée comme suit : "
++"offline_timeout + random_offset."
+
+ #: src/config/SSSDConfig/sssdoptions.py:38
+ msgid ""
+ "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+ "version 2."
+ msgstr ""
++"Indique la syntaxe du fichier de configuration. Pour SSSD 0.6.0 ou "
++"supérieure utiliser la version 2."
+
+ #: src/config/SSSDConfig/sssdoptions.py:39
+ msgid "SSSD Services to start"
+@@ -154,6 +159,8 @@ msgid ""
+ "Controls if SSSD should monitor the state of resolv.conf to identify when it "
+ "needs to update its internal DNS resolver."
+ msgstr ""
++"Contrôle si le SSSD doit surveiller l'état de resolv.conf pour identifier "
++"quand il doit mettre à jour son résolveur DNS interne."
+
+ #: src/config/SSSDConfig/sssdoptions.py:54
+ msgid ""
+@@ -162,6 +169,10 @@ msgid ""
+ "this, and will fall back to polling resolv.conf every five seconds if "
+ "inotify cannot be used."
+ msgstr ""
++"Le SSSD surveille l'état de resolv.conf afin d'identifier quand il doit "
++"mettre à jour son résolveur DNS interne. Par défaut, nous essaierons "
++"d'utiliser inotify pour cela, et par défaut, resolv.conf sera interrogé "
++"toutes les cinq secondes si inotify ne peut pas être utilisé."
+
+ #: src/config/SSSDConfig/sssdoptions.py:59
+ msgid "Enumeration cache timeout length (seconds)"
+@@ -250,12 +261,16 @@ msgid ""
+ "The value of this option will be used in the expansion of the "
+ "override_homedir option if the template contains the format string %H."
+ msgstr ""
++"La valeur de cette option sera utilisée dans l'extension de l'option "
++"override_homedir si le modèle contient la chaîne de format %H."
+
+ #: src/config/SSSDConfig/sssdoptions.py:77
+ msgid ""
+ "Specifies time in seconds for which the list of subdomains will be "
+ "considered valid."
+ msgstr ""
++"Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est "
++"jugée valide."
+
+ #: src/config/SSSDConfig/sssdoptions.py:79
+ msgid ""
+@@ -263,6 +278,9 @@ msgid ""
+ "if they are requested beyond a percentage of the entry_cache_timeout value "
+ "for the domain."
+ msgstr ""
++"La valeur du cache peut être définie pour mettre à jour automatiquement les "
++"entrées en arrière plan si la requête ne dépasse pas un pourcentage de la "
++"valeur de entry_cache_timeout pour le domaine."
+
+ #: src/config/SSSDConfig/sssdoptions.py:84
+ msgid "How long to allow cached logins between online logins (days)"
+@@ -359,7 +377,7 @@ msgstr ""
+
+ #: src/config/SSSDConfig/sssdoptions.py:103
+ msgid "When shall the PAM responder force an initgroups request"
+-msgstr ""
++msgstr "Quand le répondeur de PAM doit-il forcer une demande d'initgroupes"
+
+ #: src/config/SSSDConfig/sssdoptions.py:106
+ msgid "Whether to evaluate the time-based attributes in sudo rules"
+@@ -520,6 +538,10 @@ msgid ""
+ "- No users are recorded. some - Users/groups specified by users and groups "
+ "options are recorded. all - All users are recorded."
+ msgstr ""
++"Une des chaînes suivantes spécifiant l'étendue de l'enregistrement de la "
++"session : none - Aucun utilisateur n'est enregistré. some - Les utilisateurs/"
++"groupes spécifiés par les options des utilisateurs et des groupes sont "
++"enregistrés. all - Tous les utilisateurs sont enregistrés."
+
+ #: src/config/SSSDConfig/sssdoptions.py:157
+ msgid ""
+@@ -527,6 +549,10 @@ msgid ""
+ "Matches user names as returned by NSS. I.e. after the possible space "
+ "replacement, case changes, etc."
+ msgstr ""
++"Une liste d'utilisateurs, séparés par des virgules, dont l'enregistrement de "
++"session devrait être activé. Correspond aux noms d'utilisateurs renvoyés par "
++"le NSS. C'est-à-dire après le remplacement éventuel de l'espace, les "
++"changements de casse, etc."
+
+ #: src/config/SSSDConfig/sssdoptions.py:159
+ msgid ""
+@@ -534,6 +560,10 @@ msgid ""
+ "recording enabled. Matches group names as returned by NSS. I.e. after the "
+ "possible space replacement, case changes, etc."
+ msgstr ""
++"Une liste de groupes séparés par des virgules, dont les membres doivent "
++"avoir l'enregistrement de session activé. Correspond aux noms des groupes "
++"renvoyés par le NSS, c-à-d après le remplacement éventuel de l'espace, les "
++"changements de cas, etc."
+
+ #: src/config/SSSDConfig/sssdoptions.py:164
+ msgid "Identity provider"
+@@ -573,7 +603,7 @@ msgstr "Fournisseur de gestion de session"
+
+ #: src/config/SSSDConfig/sssdoptions.py:173
+ msgid "Resolver provider"
+-msgstr ""
++msgstr "Fournisseur de résolveurs"
+
+ #: src/config/SSSDConfig/sssdoptions.py:176
+ msgid "Whether the domain is usable by the OS or by applications"
+@@ -733,24 +763,30 @@ msgstr ""
+
+ #: src/config/SSSDConfig/sssdoptions.py:215
+ msgid "Display a warning N days before the password expires."
+-msgstr ""
++msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
+
+ #: src/config/SSSDConfig/sssdoptions.py:216
+ msgid ""
+ "Various tags stored by the realmd configuration service for this domain."
+ msgstr ""
++"Étiquettes diverses stockées par le service de configuration de realmd pour "
++"ce domaine."
+
+ #: src/config/SSSDConfig/sssdoptions.py:217
+ msgid ""
+ "The provider which should handle fetching of subdomains. This value should "
+ "be always the same as id_provider."
+ msgstr ""
++"Le fournisseur doit être capable de gérer la récupération des sous-domaines. "
++"Cette valeur doit être toujours identique à id_provider."
+
+ #: src/config/SSSDConfig/sssdoptions.py:219
+ msgid ""
+ "How many seconds to keep a host ssh key after refresh. IE how long to cache "
+ "the host key for."
+ msgstr ""
++"La durée en secondes pendant laquelle conserver une clé ssh d'hôte après "
++"rafraichissement. I.e. combien de temps mettre la clé en cache."
+
+ #: src/config/SSSDConfig/sssdoptions.py:221
+ msgid ""
+@@ -758,6 +794,11 @@ msgid ""
+ "this value determines the minimal length the first authentication factor "
+ "(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
++"Si l'authentification à 2 facteurs (2FA) est utilisée et que les "
++"informations d'identification sont sauvegardées, cette valeur détermine la "
++"longueur minimale à laquelle le premier facteur d'authentification (mot de "
++"passe à long terme) doit être sauvegardé en tant que hachage SHA512 dans le "
++"cache."
+
+ #: src/config/SSSDConfig/sssdoptions.py:227
+ msgid "IPA domain"
+@@ -871,116 +912,140 @@ msgstr ""
+
+ #: src/config/SSSDConfig/sssdoptions.py:256
+ msgid "The LDAP attribute that contains FQDN of the host."
+-msgstr ""
++msgstr "L'attribut LDAP qui contient le FQDN de l'hôte."
+
+ #: src/config/SSSDConfig/sssdoptions.py:257
+ #: src/config/SSSDConfig/sssdoptions.py:280
+ msgid "The object class of a host entry in LDAP."
+-msgstr ""
++msgstr "La classe d'objet d'une entrée utilisateur dans LDAP."
+
+ #: src/config/SSSDConfig/sssdoptions.py:258
+ msgid "Use the given string as search base for host objects."
+ msgstr ""
++"Utiliser la chaîne donnée comme base de recherche pour héberger des objets."
+
+ #: src/config/SSSDConfig/sssdoptions.py:259
+ msgid "The LDAP attribute that contains the host's SSH public keys."
+-msgstr ""
++msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'hôte."
+
+ #: src/config/SSSDConfig/sssdoptions.py:260
+ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+-msgstr ""
++msgstr "L'attribut LDAP qui contient le nom de domaine NIS du netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:261
+ msgid "The LDAP attribute that contains the names of the netgroup's members."
+-msgstr ""
++msgstr "L'attribut LDAP contenant les noms des membres du netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:262
+ msgid ""
+ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+ "members of the netgroup."
+ msgstr ""
++"L'attribut LDAP qui répertorie les FQDN des hôtes et des groupes d'hôtes qui "
++"sont membres du netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:264
+ msgid ""
+ "The LDAP attribute that lists hosts and host groups that are direct members "
+ "of the netgroup."
+ msgstr ""
++"L'attribut LDAP qui répertorie les hôtes et les groupes d'hôtes qui sont des "
++"membres directs du netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:266
+ msgid "The LDAP attribute that lists netgroup's memberships."
+-msgstr ""
++msgstr "L'attribut LDAP qui répertorie les adhésions au netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:267
+ msgid ""
+ "The LDAP attribute that lists system users and groups that are direct "
+ "members of the netgroup."
+ msgstr ""
++"L'attribut LDAP qui répertorie les utilisateurs du système et les groupes "
++"qui sont des membres directs du netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:269
+ msgid "The LDAP attribute that corresponds to the netgroup name."
+-msgstr ""
++msgstr "L'attribut LDAP correspondant au nom du netgroup."
+
+ #: src/config/SSSDConfig/sssdoptions.py:270
+ msgid "The object class of a netgroup entry in LDAP."
+-msgstr ""
++msgstr "La classe d'objet d'une entrée de netgroup dans LDAP."
+
+ #: src/config/SSSDConfig/sssdoptions.py:271
+ msgid ""
+ "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+-msgstr ""
++msgstr "L'attribut LDAP qui contient l'UUID/GUID d'un objet de netgroup LDAP."
+
+ #: src/config/SSSDConfig/sssdoptions.py:272
+ msgid ""
+ "The LDAP attribute that contains whether or not is user map enabled for "
+ "usage."
+ msgstr ""
++"L'attribut LDAP qui contient l’information de savoir si la carte "
++"d'utilisateur est activée ou non pour l'utilisation."
+
+ #: src/config/SSSDConfig/sssdoptions.py:274
+ msgid "The LDAP attribute that contains host category such as 'all'."
+-msgstr ""
++msgstr "L'attribut LDAP qui contient la catégorie d'hôte telle que \"all\"."
+
+ #: src/config/SSSDConfig/sssdoptions.py:275
+ msgid ""
+ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+ "against."
+ msgstr ""
++"L'attribut LDAP qui contient tous les hôtes / groupes d'hôtes auxquels cette "
++"règle correspond."
+
+ #: src/config/SSSDConfig/sssdoptions.py:277
+ msgid ""
+ "The LDAP attribute that contains all users / groups this rule match against."
+ msgstr ""
++"L'attribut LDAP qui contient tous les utilisateurs / groupes auxquels cette "
++"règle correspond."
+
+ #: src/config/SSSDConfig/sssdoptions.py:279
+ msgid "The LDAP attribute that contains the name of SELinux usermap."
+ msgstr ""
++"L'attribut LDAP qui contient le nom de la carte d'utilisateur SELinux."
+
+ #: src/config/SSSDConfig/sssdoptions.py:281
+ msgid ""
+ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+ "matching instead of memberUser and memberHost."
+ msgstr ""
++"L'attribut LDAP qui contient le DN de la règle HBAC qui peut être utilisé "
++"pour la correspondance au lieu de memberUser et memberHost."
+
+ #: src/config/SSSDConfig/sssdoptions.py:283
+ msgid "The LDAP attribute that contains SELinux user string itself."
+ msgstr ""
++"L'attribut LDAP qui contient la chaîne d'utilisateur SELinux elle-même."
+
+ #: src/config/SSSDConfig/sssdoptions.py:284
+ msgid "The LDAP attribute that contains user category such as 'all'."
+ msgstr ""
++"L'attribut LDAP qui contient la catégorie d'utilisateur telle que \"all\"."
+
+ #: src/config/SSSDConfig/sssdoptions.py:285
+ msgid "The LDAP attribute that contains unique ID of the user map."
+ msgstr ""
++"L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur."
+
+ #: src/config/SSSDConfig/sssdoptions.py:286
+ msgid ""
+ "The option denotes that the SSSD is running on IPA server and should perform "
+ "lookups of users and groups from trusted domains differently."
+ msgstr ""
++"L'option indique que le SSSD fonctionne sur le serveur IPA et qu’il doit "
++"effectuer différemment les recherches des utilisateurs et des groupes des "
++"domaines approuvés."
+
+ #: src/config/SSSDConfig/sssdoptions.py:288
+ msgid "Use the given string as search base for trusted domains."
+ msgstr ""
++"Utiliser la chaîne donnée comme base de recherche pour les domaines "
++"approuvés."
+
+ #: src/config/SSSDConfig/sssdoptions.py:291
+ msgid "Active Directory domain"
+@@ -1099,6 +1164,8 @@ msgstr "Option de réglage de la tâche de renouvellement du compte machine"
+ #: src/config/SSSDConfig/sssdoptions.py:315
+ msgid "Whether to update the machine account password in the Samba database"
+ msgstr ""
++"Indique s'il faut mettre à jour le mot de passe du compte de la machine dans "
++"la base de données Samba"
+
+ #: src/config/SSSDConfig/sssdoptions.py:317
+ msgid "Use LDAPS port for LDAP and Global Catalog requests"
+@@ -1330,6 +1397,8 @@ msgid ""
+ "Allows to retain local users as members of an LDAP group for servers that "
+ "use the RFC2307 schema."
+ msgstr ""
++"Permet de conserver les utilisateurs locaux en tant que membres d'un groupe "
++"LDAP pour les serveurs qui utilisent le schéma RFC2307."
+
+ #: src/config/SSSDConfig/sssdoptions.py:384
+ msgid "entryUSN attribute"
+@@ -1596,11 +1665,11 @@ msgstr "Le niveau d'imbrication maximal du SSSD suivra"
+
+ #: src/config/SSSDConfig/sssdoptions.py:454
+ msgid "Filter for group lookups"
+-msgstr ""
++msgstr "Filtre pour les recherches de groupes"
+
+ #: src/config/SSSDConfig/sssdoptions.py:455
+ msgid "Scope of group lookups"
+-msgstr ""
++msgstr "Portée des recherches de groupe"
+
+ #: src/config/SSSDConfig/sssdoptions.py:457
+ msgid "Base DN for netgroup lookups"
+@@ -1853,47 +1922,47 @@ msgstr "Base DN pour les requêtes de carte de montage automatique"
+
+ #: src/config/SSSDConfig/sssdoptions.py:529
+ msgid "The name of the automount master map in LDAP."
+-msgstr ""
++msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
+
+ #: src/config/SSSDConfig/sssdoptions.py:532
+ msgid "Base DN for IP hosts lookups"
+-msgstr ""
++msgstr "DN de base pour la recherche d'hôtes IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:533
+ msgid "Object class for IP hosts"
+-msgstr ""
++msgstr "Classe d'objet pour les hôtes IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:534
+ msgid "IP host name attribute"
+-msgstr ""
++msgstr "Attribut du nom d'hôte IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:535
+ msgid "IP host number (address) attribute"
+-msgstr ""
++msgstr "Attribut (adresse) du numéro d'hôte IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:536
+ msgid "IP host entryUSN attribute"
+-msgstr ""
++msgstr "Attribut entryUSN d’hôte IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:537
+ msgid "Base DN for IP networks lookups"
+-msgstr ""
++msgstr "DN de base pour la recherche de réseaux IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:538
+ msgid "Object class for IP networks"
+-msgstr ""
++msgstr "Classe d'objets pour les réseaux IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:539
+ msgid "IP network name attribute"
+-msgstr ""
++msgstr "Attribut du nom du réseau IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:540
+ msgid "IP network number (address) attribute"
+-msgstr ""
++msgstr "Attribut (adresse) du numéro de réseau IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:541
+ msgid "IP network entryUSN attribute"
+-msgstr ""
++msgstr "Attribut entryUSN de réseau IP"
+
+ #: src/config/SSSDConfig/sssdoptions.py:544
+ msgid "Comma separated list of allowed users"
+@@ -1908,6 +1977,9 @@ msgid ""
+ "Comma separated list of groups that are allowed to log in. This applies only "
+ "to groups within this SSSD domain. Local groups are not evaluated."
+ msgstr ""
++"Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne "
++"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont "
++"pas pris en compte."
+
+ #: src/config/SSSDConfig/sssdoptions.py:548
+ msgid ""
+@@ -1915,6 +1987,9 @@ msgid ""
+ "applies only to groups within this SSSD domain. Local groups are not "
+ "evaluated."
+ msgstr ""
++"Liste séparée par des virgules de groupes dont l'accès sera refusé. Ceci ne "
++"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont "
++"pas pris en compte."
+
+ #: src/config/SSSDConfig/sssdoptions.py:552
+ msgid "Base for home directories"
+@@ -1923,26 +1998,32 @@ msgstr "Base pour les répertoires utilisateur"
+ #: src/config/SSSDConfig/sssdoptions.py:553
+ msgid "Indicate if a home directory should be created for new users."
+ msgstr ""
++"Indiquez si un répertoire d'accueil doit être créé pour les nouveaux "
++"utilisateurs."
+
+ #: src/config/SSSDConfig/sssdoptions.py:554
+ msgid "Indicate if a home directory should be removed for deleted users."
+ msgstr ""
++"Indiquez si un répertoire d’accueil doit être supprimé pour les utilisateurs "
++"supprimés."
+
+ #: src/config/SSSDConfig/sssdoptions.py:555
+ msgid "Specify the default permissions on a newly created home directory."
+ msgstr ""
++"Indiquez les autorisations par défaut sur un répertoire d'accueil "
++"nouvellement créé."
+
+ #: src/config/SSSDConfig/sssdoptions.py:556
+ msgid "The skeleton directory."
+-msgstr ""
++msgstr "Le répertoire skeleton."
+
+ #: src/config/SSSDConfig/sssdoptions.py:557
+ msgid "The mail spool directory."
+-msgstr ""
++msgstr "Le répertoire mail spool."
+
+ #: src/config/SSSDConfig/sssdoptions.py:558
+ msgid "The command that is run after a user is removed."
+-msgstr ""
++msgstr "La commande qui est exécutée après la suppression d'un utilisateur."
+
+ #: src/config/SSSDConfig/sssdoptions.py:561
+ msgid "The number of preforked proxy children."
+@@ -1955,6 +2036,8 @@ msgstr "Nom de la bibliothèque NSS à utiliser"
+ #: src/config/SSSDConfig/sssdoptions.py:565
+ msgid "The name of the NSS library to use for hosts and networks lookups"
+ msgstr ""
++"Le nom de la bibliothèque du NSS à utiliser pour les recherches réseaux et "
++"hôtes"
+
+ #: src/config/SSSDConfig/sssdoptions.py:566
+ msgid "Whether to look up canonical group name from cache if possible"
+@@ -2934,7 +3017,7 @@ msgstr ""
+ #: src/tools/sssctl/sssctl_config.c:127
+ #, c-format
+ msgid "Failed to load configuration from %s.\n"
+-msgstr ""
++msgstr "Impossible de charger la configuration à partir de %s.\n"
+
+ #: src/tools/sssctl/sssctl_config.c:133
+ msgid "Error while reading configuration directory.\n"
+@@ -3363,3 +3446,4 @@ msgstr "Informe que le répondeur a été activé par un socket"
+ #: src/util/util.h:94
+ msgid "Informs that the responder has been dbus-activated"
+ msgstr "Informe que le répondeur a été activé par un dbus"
++
+diff --git a/po/ja.po b/po/ja.po
+index a5156184c..7dc9157d3 100644
+--- a/po/ja.po
++++ b/po/ja.po
+@@ -1,7 +1,7 @@
+ # SOME DESCRIPTIVE TITLE.
+ # Copyright (C) YEAR Red Hat, Inc.
+ # This file is distributed under the same license as the PACKAGE package.
+-#
++#
+ # Translators:
+ # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
+ # Noriko Mizumoto <noriko.mizumoto@gmail.com>, 2016. #zanata
+@@ -16,8 +16,8 @@ msgstr ""
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+-"PO-Revision-Date: 2020-06-18 09:13+0000\n"
+-"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
++"PO-Revision-Date: 2020-07-22 07:46-0400\n"
++"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+ "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
+ "ja/)\n"
+ "Language: ja\n"
+@@ -76,6 +76,9 @@ msgid ""
+ "is in seconds and calculated by the following: offline_timeout + "
+ "random_offset."
+ msgstr ""
++"SSSD "
++"がオフラインモードに切り替わると、オンラインに戻ろうとするまでの時間が、切断の時間に基づいて長くなります。この値は秒単位で、offline_timeout "
++"+ random_offset で計算されます。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:38
+ msgid ""
+@@ -144,6 +147,7 @@ msgid ""
+ "Controls if SSSD should monitor the state of resolv.conf to identify when it "
+ "needs to update its internal DNS resolver."
+ msgstr ""
++"内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv.conf の状態を監視するかどうかを制御します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:54
+ msgid ""
+@@ -231,12 +235,13 @@ msgid ""
+ "The value of this option will be used in the expansion of the "
+ "override_homedir option if the template contains the format string %H."
+ msgstr ""
++"このオプションの値は、テンプレートに書式文字列 %H を含んでいる場合に override_homedir オプションの拡張で使用されます。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:77
+ msgid ""
+ "Specifies time in seconds for which the list of subdomains will be "
+ "considered valid."
+-msgstr ""
++msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:79
+ msgid ""
+@@ -326,7 +331,7 @@ msgstr "スマートカード認証向けのデバイスの選択を PKCS#11 URI
+
+ #: src/config/SSSDConfig/sssdoptions.py:103
+ msgid "When shall the PAM responder force an initgroups request"
+-msgstr ""
++msgstr "PAM レスポンダーが initgroups リクエストを強制するとき"
+
+ #: src/config/SSSDConfig/sssdoptions.py:106
+ msgid "Whether to evaluate the time-based attributes in sudo rules"
+@@ -467,6 +472,8 @@ msgid ""
+ "- No users are recorded. some - Users/groups specified by users and groups "
+ "options are recorded. all - All users are recorded."
+ msgstr ""
++"セッション記録の範囲を指定する以下の文字列の 1 つ: none: 記録されたユーザーはいません。some: "
++"ユーザーとグループオプションによって指定されているユーザー/グループが記録されています。all: すべてのユーザーが記録されます。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:157
+ msgid ""
+@@ -474,6 +481,8 @@ msgid ""
+ "Matches user names as returned by NSS. I.e. after the possible space "
+ "replacement, case changes, etc."
+ msgstr ""
++"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS "
++"が返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:159
+ msgid ""
+@@ -481,6 +490,8 @@ msgid ""
+ "recording enabled. Matches group names as returned by NSS. I.e. after the "
+ "possible space replacement, case changes, etc."
+ msgstr ""
++"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリストです。NSS "
++"が返すグループ名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:164
+ msgid "Identity provider"
+@@ -520,7 +531,7 @@ msgstr "セッションマネージャーのプロバイダー"
+
+ #: src/config/SSSDConfig/sssdoptions.py:173
+ msgid "Resolver provider"
+-msgstr ""
++msgstr "リゾルバープロバイダ"
+
+ #: src/config/SSSDConfig/sssdoptions.py:176
+ msgid "Whether the domain is usable by the OS or by applications"
+@@ -665,19 +676,19 @@ msgstr "Display a warning N days before the password expires."
+ #: src/config/SSSDConfig/sssdoptions.py:216
+ msgid ""
+ "Various tags stored by the realmd configuration service for this domain."
+-msgstr ""
++msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:217
+ msgid ""
+ "The provider which should handle fetching of subdomains. This value should "
+ "be always the same as id_provider."
+-msgstr ""
++msgstr "サブドメインの取得を処理する必要のあるプロバイダー。この値は常に id_provider と同じでなければなりません。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:219
+ msgid ""
+ "How many seconds to keep a host ssh key after refresh. IE how long to cache "
+ "the host key for."
+-msgstr ""
++msgstr "リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何秒キャッシュするか。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:221
+ msgid ""
+@@ -685,6 +696,8 @@ msgid ""
+ "this value determines the minimal length the first authentication factor "
+ "(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
++"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、この値は、最初の認証要素 (長期パスワード) "
++"を SHA512 ハッシュとしてキャッシュに保存する必要がある最小の長さを決定します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:227
+ msgid "IPA domain"
+@@ -788,24 +801,24 @@ msgstr "最後の要求がルールを何も見つけなかった場合の IPA
+
+ #: src/config/SSSDConfig/sssdoptions.py:256
+ msgid "The LDAP attribute that contains FQDN of the host."
+-msgstr ""
++msgstr "ホストの FQDN を含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:257
+ #: src/config/SSSDConfig/sssdoptions.py:280
+ msgid "The object class of a host entry in LDAP."
+-msgstr ""
++msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:258
+ msgid "Use the given string as search base for host objects."
+-msgstr ""
++msgstr "ホストオブジェクトの検索ベースとして与えられた文字列を使用します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:259
+ msgid "The LDAP attribute that contains the host's SSH public keys."
+-msgstr ""
++msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:260
+ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+-msgstr ""
++msgstr "ネットグループの NIS ドメイン名を含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:261
+ msgid "The LDAP attribute that contains the names of the netgroup's members."
+@@ -815,89 +828,91 @@ msgstr "The LDAP attribute that contains the names of the netgroup's members."
+ msgid ""
+ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+ "members of the netgroup."
+-msgstr ""
++msgstr "ネットグループのメンバーであるホストとホストグループの FQDN を一覧表示する LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:264
+ msgid ""
+ "The LDAP attribute that lists hosts and host groups that are direct members "
+ "of the netgroup."
+-msgstr ""
++msgstr "ネットグループの直接のメンバーであるホストとホストグループを一覧表示する LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:266
+ msgid "The LDAP attribute that lists netgroup's memberships."
+-msgstr ""
++msgstr "ネットグループのメンバーシップを一覧表示する LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:267
+ msgid ""
+ "The LDAP attribute that lists system users and groups that are direct "
+ "members of the netgroup."
+-msgstr ""
++msgstr "ネットグループの直接のメンバーであるシステムユーザーとグループを一覧表示する LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:269
+ msgid "The LDAP attribute that corresponds to the netgroup name."
+-msgstr ""
++msgstr "ネットワークグループ名に対応する LDAP 属性です。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:270
+ msgid "The object class of a netgroup entry in LDAP."
+-msgstr ""
++msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:271
+ msgid ""
+ "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+-msgstr ""
++msgstr "LDAP ネットグループオブジェクトの UUID/GUID を含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:272
+ msgid ""
+ "The LDAP attribute that contains whether or not is user map enabled for "
+ "usage."
+-msgstr ""
++msgstr "使用のためにユーザーマップが有効になっているかどうかを含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:274
+ msgid "The LDAP attribute that contains host category such as 'all'."
+-msgstr ""
++msgstr "'all' などのホストカテゴリを含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:275
+ msgid ""
+ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+ "against."
+-msgstr ""
++msgstr "このルールがマッチするすべてのホスト/ホストグループを含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:277
+ msgid ""
+ "The LDAP attribute that contains all users / groups this rule match against."
+-msgstr ""
++msgstr "このルールがマッチするすべてのユーザー/グループを含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:279
+ msgid "The LDAP attribute that contains the name of SELinux usermap."
+-msgstr ""
++msgstr "SELinux usermap の名前を含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:281
+ msgid ""
+ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+ "matching instead of memberUser and memberHost."
+-msgstr ""
++msgstr "memberUser および memberHost の代わりにマッチングに使用できる HBAC ルールの DN を含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:283
+ msgid "The LDAP attribute that contains SELinux user string itself."
+-msgstr ""
++msgstr "SELinuxのユーザー文字列そのものを含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:284
+ msgid "The LDAP attribute that contains user category such as 'all'."
+-msgstr ""
++msgstr "'all' などのユーザーカテゴリーを含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:285
+ msgid "The LDAP attribute that contains unique ID of the user map."
+-msgstr ""
++msgstr "ユーザーマップの一意の ID を含む LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:286
+ msgid ""
+ "The option denotes that the SSSD is running on IPA server and should perform "
+ "lookups of users and groups from trusted domains differently."
+ msgstr ""
++"このオプションは、SSSD が IPA "
++"サーバー上で実行されており、信頼されたドメインからのユーザーとグループの検索を異なる方法で実行する必要があることを示します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:288
+ msgid "Use the given string as search base for trusted domains."
+-msgstr ""
++msgstr "信頼されたドメインに対する検索ベースとして、与えられた文字列を使用します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:291
+ msgid "Active Directory domain"
+@@ -995,7 +1010,7 @@ msgstr "マシンアカウントの更新タスクをチューニングするオ
+
+ #: src/config/SSSDConfig/sssdoptions.py:315
+ msgid "Whether to update the machine account password in the Samba database"
+-msgstr ""
++msgstr "Samba データベースのマシンアカウントパスワードを更新するかどうか"
+
+ #: src/config/SSSDConfig/sssdoptions.py:317
+ msgid "Use LDAPS port for LDAP and Global Catalog requests"
+@@ -1217,7 +1232,7 @@ msgstr "LDAP ライブラリーが SASL バインド中にホスト名を正規
+ msgid ""
+ "Allows to retain local users as members of an LDAP group for servers that "
+ "use the RFC2307 schema."
+-msgstr ""
++msgstr "RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカルユーザーを保持することができます。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:384
+ msgid "entryUSN attribute"
+@@ -1475,11 +1490,11 @@ msgstr "SSSD が従う最大ネストレベル"
+
+ #: src/config/SSSDConfig/sssdoptions.py:454
+ msgid "Filter for group lookups"
+-msgstr ""
++msgstr "グループ検索のフィルター"
+
+ #: src/config/SSSDConfig/sssdoptions.py:455
+ msgid "Scope of group lookups"
+-msgstr ""
++msgstr "グループ検索の範囲"
+
+ #: src/config/SSSDConfig/sssdoptions.py:457
+ msgid "Base DN for netgroup lookups"
+@@ -1716,47 +1731,47 @@ msgstr "automonter のマップ検索のベース DN"
+
+ #: src/config/SSSDConfig/sssdoptions.py:529
+ msgid "The name of the automount master map in LDAP."
+-msgstr ""
++msgstr "LDAP のオートマウントマスターマップの名前。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:532
+ msgid "Base DN for IP hosts lookups"
+-msgstr ""
++msgstr "IP ホストのルックアップのためのベース DN"
+
+ #: src/config/SSSDConfig/sssdoptions.py:533
+ msgid "Object class for IP hosts"
+-msgstr ""
++msgstr "IP ホストのオブジェクトクラス"
+
+ #: src/config/SSSDConfig/sssdoptions.py:534
+ msgid "IP host name attribute"
+-msgstr ""
++msgstr "IP ホスト名属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:535
+ msgid "IP host number (address) attribute"
+-msgstr ""
++msgstr "IP ホスト番号 (アドレス) 属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:536
+ msgid "IP host entryUSN attribute"
+-msgstr ""
++msgstr "IP ホストエントリー USN 属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:537
+ msgid "Base DN for IP networks lookups"
+-msgstr ""
++msgstr "IP ネットワーク検索のためのベース DN"
+
+ #: src/config/SSSDConfig/sssdoptions.py:538
+ msgid "Object class for IP networks"
+-msgstr ""
++msgstr "IP ネットワークのオブジェクトクラス"
+
+ #: src/config/SSSDConfig/sssdoptions.py:539
+ msgid "IP network name attribute"
+-msgstr ""
++msgstr "IP ネットワーク名属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:540
+ msgid "IP network number (address) attribute"
+-msgstr ""
++msgstr "IP ネットワーク番号 (アドレス) 属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:541
+ msgid "IP network entryUSN attribute"
+-msgstr ""
++msgstr "IP ネットワークエントリー USN 属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:544
+ msgid "Comma separated list of allowed users"
+@@ -1790,27 +1805,27 @@ msgstr "ホームディレクトリーのベース"
+
+ #: src/config/SSSDConfig/sssdoptions.py:553
+ msgid "Indicate if a home directory should be created for new users."
+-msgstr ""
++msgstr "新しいユーザーのためにホームディレクトリーを作成するかどうかを示します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:554
+ msgid "Indicate if a home directory should be removed for deleted users."
+-msgstr ""
++msgstr "削除されたユーザーのホームディレクトリーを削除するかどうかを示します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:555
+ msgid "Specify the default permissions on a newly created home directory."
+-msgstr ""
++msgstr "新しく作成したホームディレクトリーのデフォルトのパーミッションを指定します。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:556
+ msgid "The skeleton directory."
+-msgstr ""
++msgstr "スケルトンディレクトリー。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:557
+ msgid "The mail spool directory."
+-msgstr ""
++msgstr "メールスプールディレクトリー。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:558
+ msgid "The command that is run after a user is removed."
+-msgstr ""
++msgstr "ユーザーが削除された後に実行されるコマンド。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:561
+ msgid "The number of preforked proxy children."
+@@ -1822,7 +1837,7 @@ msgstr "使用する NSS ライブラリーの名前"
+
+ #: src/config/SSSDConfig/sssdoptions.py:565
+ msgid "The name of the NSS library to use for hosts and networks lookups"
+-msgstr ""
++msgstr "ホストやネットワークの検索に使用する NSS ライブラリの名前"
+
+ #: src/config/SSSDConfig/sssdoptions.py:566
+ msgid "Whether to look up canonical group name from cache if possible"
+@@ -2746,7 +2761,7 @@ msgstr "ファイルの所有権とパーミッションの確認に失敗しま
+ #: src/tools/sssctl/sssctl_config.c:127
+ #, c-format
+ msgid "Failed to load configuration from %s.\n"
+-msgstr ""
++msgstr "%s からの設定の読み込みに失敗しました。\n"
+
+ #: src/tools/sssctl/sssctl_config.c:133
+ msgid "Error while reading configuration directory.\n"
+@@ -3170,3 +3185,4 @@ msgstr "レスポンダーがソケットでアクティベートされたと知
+ #: src/util/util.h:94
+ msgid "Informs that the responder has been dbus-activated"
+ msgstr "レスポンダーが dbus でアクティベートされたと知らせます"
++
+diff --git a/po/zh_CN.po b/po/zh_CN.po
+index 892f81453..f33aef494 100644
+--- a/po/zh_CN.po
++++ b/po/zh_CN.po
+@@ -13,7 +13,7 @@ msgstr ""
+ "MIME-Version: 1.0\n"
+ "Content-Type: text/plain; charset=UTF-8\n"
+ "Content-Transfer-Encoding: 8bit\n"
+-"PO-Revision-Date: 2020-06-18 09:05+0000\n"
++"PO-Revision-Date: 2020-07-22 07:46-0400\n"
+ "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
+ "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
+ "language/zh_CN/)\n"
+@@ -73,12 +73,14 @@ msgid ""
+ "is in seconds and calculated by the following: offline_timeout + "
+ "random_offset."
+ msgstr ""
++"当 SSSD 切换到脱机模式时,它尝试重新上线前的时间会根据断开连接的时间而增加。这个值以秒为单位,并使用以下公式计算:offline_timeout "
++"+ random_offset。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:38
+ msgid ""
+ "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+ "version 2."
+-msgstr ""
++msgstr "表示配置文件的语法是什么。SSSD 0.6.0 及以后的版本使用版本 2。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:39
+ msgid "SSSD Services to start"
+@@ -138,7 +140,7 @@ msgstr "要查询的域的特定顺序"
+ msgid ""
+ "Controls if SSSD should monitor the state of resolv.conf to identify when it "
+ "needs to update its internal DNS resolver."
+-msgstr ""
++msgstr "控制 SSSD 是否应监控 resolv.conf 的状态,以确定何时需要更新其内部 DNS 解析器。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:54
+ msgid ""
+@@ -147,6 +149,8 @@ msgid ""
+ "this, and will fall back to polling resolv.conf every five seconds if "
+ "inotify cannot be used."
+ msgstr ""
++"SSSD 监视 resolv.conf 的状态,以确定何时需要更新其内部的 DNS 解析器。默认情况下,我们会尝试使用 inotify "
++"进行。如果不能使用 inotify,则会回到每五秒轮询一次 resolv.conf 的状态。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:59
+ msgid "Enumeration cache timeout length (seconds)"
+@@ -221,20 +225,20 @@ msgstr "内存缓存记录有效期的长度"
+ msgid ""
+ "The value of this option will be used in the expansion of the "
+ "override_homedir option if the template contains the format string %H."
+-msgstr ""
++msgstr "如果模板中包含格式字符串%H,那么这个选项的值将被用于 override_homedir 选项的扩展。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:77
+ msgid ""
+ "Specifies time in seconds for which the list of subdomains will be "
+ "considered valid."
+-msgstr ""
++msgstr "指定子域列表被视为有效的时间,以秒为单位。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:79
+ msgid ""
+ "The entry cache can be set to automatically update entries in the background "
+ "if they are requested beyond a percentage of the entry_cache_timeout value "
+ "for the domain."
+-msgstr ""
++msgstr "条目缓存可以设置为在后台自动更新条目,如果被请求的时间超过域名的 entry_cache_timeout 值的一个百分比。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:84
+ msgid "How long to allow cached logins between online logins (days)"
+@@ -304,17 +308,17 @@ msgstr "允许服务使用智能卡"
+
+ #: src/config/SSSDConfig/sssdoptions.py:101
+ msgid "Additional timeout to wait for a card if requested"
+-msgstr ""
++msgstr "等待卡的额外超时,如果请求。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:102
+ msgid ""
+ "PKCS#11 URI to restrict the selection of devices for Smartcard "
+ "authentication"
+-msgstr ""
++msgstr "PKCS#11 URI,用于限制智能卡认证设备的选择。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:103
+ msgid "When shall the PAM responder force an initgroups request"
+-msgstr ""
++msgstr "什么时候 PAM 响应者要强制发起 initgroups 请求?"
+
+ #: src/config/SSSDConfig/sssdoptions.py:106
+ msgid "Whether to evaluate the time-based attributes in sudo rules"
+@@ -346,13 +350,13 @@ msgstr "到可信 CA 证书存储的路径"
+
+ #: src/config/SSSDConfig/sssdoptions.py:119
+ msgid "Allow to generate ssh-keys from certificates"
+-msgstr ""
++msgstr "允许从证书中生成 ssh-keys。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:120
+ msgid ""
+ "Use the following matching rules to filter the certificates for ssh-key "
+ "generation"
+-msgstr ""
++msgstr "使用以下匹配规则来过滤生成 ssh-key 的证书。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:124
+ msgid "List of UIDs or user names allowed to access the PAC responder"
+@@ -455,20 +459,21 @@ msgid ""
+ "- No users are recorded. some - Users/groups specified by users and groups "
+ "options are recorded. all - All users are recorded."
+ msgstr ""
++"使用以下字符串之一指定会话记录范围: none - 不记录用户。 some - 记录由用户和组选项指定的用户和组。 all - 记录所有用户。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:157
+ msgid ""
+ "A comma-separated list of users which should have session recording enabled. "
+ "Matches user names as returned by NSS. I.e. after the possible space "
+ "replacement, case changes, etc."
+-msgstr ""
++msgstr "以逗号分隔的用户列表,这些用户应该启用会话记录。匹配 NSS 返回的用户名。在可能的空格替换、大小写更改等之后。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:159
+ msgid ""
+ "A comma-separated list of groups, members of which should have session "
+ "recording enabled. Matches group names as returned by NSS. I.e. after the "
+ "possible space replacement, case changes, etc."
+-msgstr ""
++msgstr "以逗号分隔的组列表,其成员应已启用会话记录。匹配NSS 返回的组名。在可能的空格替换、大小写改变等之后。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:164
+ msgid "Identity provider"
+@@ -508,7 +513,7 @@ msgstr "会话管理提供者"
+
+ #: src/config/SSSDConfig/sssdoptions.py:173
+ msgid "Resolver provider"
+-msgstr ""
++msgstr "解析器提供者"
+
+ #: src/config/SSSDConfig/sssdoptions.py:176
+ msgid "Whether the domain is usable by the OS or by applications"
+@@ -562,11 +567,11 @@ msgstr "上次成功登录后保留缓存条目的时间(天)"
+ msgid ""
+ "How long should SSSD talk to single DNS server before trying next server "
+ "(miliseconds)"
+-msgstr ""
++msgstr "在尝试下一个服务器之前,SSSD 应该与一个 DNS 服务器联系多久(毫秒)?"
+
+ #: src/config/SSSDConfig/sssdoptions.py:188
+ msgid "How long should keep trying to resolve single DNS query (seconds)"
+-msgstr ""
++msgstr "尝试解析单个 DNS 查询需要多长时间(秒)?"
+
+ #: src/config/SSSDConfig/sssdoptions.py:189
+ msgid "How long to wait for replies from DNS when resolving servers (seconds)"
+@@ -648,24 +653,24 @@ msgstr "是否自动为用户创建私人组"
+
+ #: src/config/SSSDConfig/sssdoptions.py:215
+ msgid "Display a warning N days before the password expires."
+-msgstr ""
++msgstr "在密码过期前 N 天显示一个警告。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:216
+ msgid ""
+ "Various tags stored by the realmd configuration service for this domain."
+-msgstr ""
++msgstr "realmd 配置服务为这个域存储的各种标签。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:217
+ msgid ""
+ "The provider which should handle fetching of subdomains. This value should "
+ "be always the same as id_provider."
+-msgstr ""
++msgstr "应该处理子域获取的提供者,这个值应始终和 id_provider 相同。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:219
+ msgid ""
+ "How many seconds to keep a host ssh key after refresh. IE how long to cache "
+ "the host key for."
+-msgstr ""
++msgstr "刷新后主机 ssh 密钥要保留多少秒。IE 缓存主机密钥多长时间。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:221
+ msgid ""
+@@ -673,6 +678,8 @@ msgid ""
+ "this value determines the minimal length the first authentication factor "
+ "(long term password) must have to be saved as SHA512 hash into the cache."
+ msgstr ""
++"如果使用 2-Factor-Authentication (2FA),应该保存凭证,这个值决定了第一个认证因素((期密码)必须以SHA512 "
++"哈希值的形式保存到缓存中的最小长度。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:227
+ msgid "IPA domain"
+@@ -776,116 +783,116 @@ msgstr "当最后一个请求未找到任何规则时,针对 IPA 服务器的D
+
+ #: src/config/SSSDConfig/sssdoptions.py:256
+ msgid "The LDAP attribute that contains FQDN of the host."
+-msgstr ""
++msgstr "包含主机 FQDN 的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:257
+ #: src/config/SSSDConfig/sssdoptions.py:280
+ msgid "The object class of a host entry in LDAP."
+-msgstr ""
++msgstr "LDAP 中主机条目的对象类。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:258
+ msgid "Use the given string as search base for host objects."
+-msgstr ""
++msgstr "使用给定的字符串作为主机对象的搜索基础。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:259
+ msgid "The LDAP attribute that contains the host's SSH public keys."
+-msgstr ""
++msgstr "包含主机 SSH 公钥的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:260
+ msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+-msgstr ""
++msgstr "包含 netgroup 的 NIS 域名的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:261
+ msgid "The LDAP attribute that contains the names of the netgroup's members."
+-msgstr ""
++msgstr "包含 netgroup 成员名称的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:262
+ msgid ""
+ "The LDAP attribute that lists FQDNs of hosts and host groups that are "
+ "members of the netgroup."
+-msgstr ""
++msgstr "列出属于 netgroup 成员的主机和主机组的 FQDN 的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:264
+ msgid ""
+ "The LDAP attribute that lists hosts and host groups that are direct members "
+ "of the netgroup."
+-msgstr ""
++msgstr "LDAP属性,列出作为 netgroup 直接成员的主机和主机组。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:266
+ msgid "The LDAP attribute that lists netgroup's memberships."
+-msgstr ""
++msgstr "列出 netgroup 成员资格的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:267
+ msgid ""
+ "The LDAP attribute that lists system users and groups that are direct "
+ "members of the netgroup."
+-msgstr ""
++msgstr "LDAP 属性,列出作为 netgroup 直接成员的系统用户和组。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:269
+ msgid "The LDAP attribute that corresponds to the netgroup name."
+-msgstr ""
++msgstr "与 netgroup 名称相对应的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:270
+ msgid "The object class of a netgroup entry in LDAP."
+-msgstr ""
++msgstr "LDAP 中 netgroup 条目的对象类。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:271
+ msgid ""
+ "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+-msgstr ""
++msgstr "包含 LDAP netgroup 对象的 UUID/GUID 的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:272
+ msgid ""
+ "The LDAP attribute that contains whether or not is user map enabled for "
+ "usage."
+-msgstr ""
++msgstr "包含是否启用用户映射的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:274
+ msgid "The LDAP attribute that contains host category such as 'all'."
+-msgstr ""
++msgstr "包含主机类别的 LDAP 属性,如'all'。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:275
+ msgid ""
+ "The LDAP attribute that contains all hosts / hostgroups this rule match "
+ "against."
+-msgstr ""
++msgstr "包含此规则所匹配的所有主机/主机组的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:277
+ msgid ""
+ "The LDAP attribute that contains all users / groups this rule match against."
+-msgstr ""
++msgstr "包含该规则所匹配的所有用户/组的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:279
+ msgid "The LDAP attribute that contains the name of SELinux usermap."
+-msgstr ""
++msgstr "包含 SELinux usermap 名称的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:281
+ msgid ""
+ "The LDAP attribute that contains DN of HBAC rule which can be used for "
+ "matching instead of memberUser and memberHost."
+-msgstr ""
++msgstr "包含 HBAC 规则的 DN 的 LDAP 属性,可以用来代替 memberUser 和 memberHost 进行匹配。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:283
+ msgid "The LDAP attribute that contains SELinux user string itself."
+-msgstr ""
++msgstr "包含 SELinux 用户字符串的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:284
+ msgid "The LDAP attribute that contains user category such as 'all'."
+-msgstr ""
++msgstr "包含用户类别的 LDAP 属性,如'all'。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:285
+ msgid "The LDAP attribute that contains unique ID of the user map."
+-msgstr ""
++msgstr "包含用户映射的唯一 ID 的 LDAP 属性。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:286
+ msgid ""
+ "The option denotes that the SSSD is running on IPA server and should perform "
+ "lookups of users and groups from trusted domains differently."
+-msgstr ""
++msgstr "该选项表示 SSSD 在 IPA 服务器上运行,应该以不同的方式执行来自受信任域的用户和组的查找。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:288
+ msgid "Use the given string as search base for trusted domains."
+-msgstr ""
++msgstr "使用给定的字符串作为可信域的搜索基础。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:291
+ msgid "Active Directory domain"
+@@ -983,7 +990,7 @@ msgstr "用于调整机器帐户续订任务的选项"
+
+ #: src/config/SSSDConfig/sssdoptions.py:315
+ msgid "Whether to update the machine account password in the Samba database"
+-msgstr ""
++msgstr "是否要更新 Samba 数据库中的机器账户密码?"
+
+ #: src/config/SSSDConfig/sssdoptions.py:317
+ msgid "Use LDAPS port for LDAP and Global Catalog requests"
+@@ -1205,7 +1212,7 @@ msgstr "在 SASL绑定期间,LDAP 库是否应执行反向查找以规范化
+ msgid ""
+ "Allows to retain local users as members of an LDAP group for servers that "
+ "use the RFC2307 schema."
+-msgstr ""
++msgstr "允许保留本地用户作为使用 RFC2307 模式的服务器的 LDAP 组成员。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:384
+ msgid "entryUSN attribute"
+@@ -1463,11 +1470,11 @@ msgstr "将遵循的最大嵌套级别 SSSD"
+
+ #: src/config/SSSDConfig/sssdoptions.py:454
+ msgid "Filter for group lookups"
+-msgstr ""
++msgstr "组查询的过滤器"
+
+ #: src/config/SSSDConfig/sssdoptions.py:455
+ msgid "Scope of group lookups"
+-msgstr ""
++msgstr "组查询的范围"
+
+ #: src/config/SSSDConfig/sssdoptions.py:457
+ msgid "Base DN for netgroup lookups"
+@@ -1704,47 +1711,47 @@ msgstr "自动挂载程序映射查找的基本 DN"
+
+ #: src/config/SSSDConfig/sssdoptions.py:529
+ msgid "The name of the automount master map in LDAP."
+-msgstr ""
++msgstr "LDAP 中自动挂载主映射的名称。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:532
+ msgid "Base DN for IP hosts lookups"
+-msgstr ""
++msgstr "IP 主机查询的基础 DN"
+
+ #: src/config/SSSDConfig/sssdoptions.py:533
+ msgid "Object class for IP hosts"
+-msgstr ""
++msgstr "IP 主机的对象类"
+
+ #: src/config/SSSDConfig/sssdoptions.py:534
+ msgid "IP host name attribute"
+-msgstr ""
++msgstr "IP 主机名属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:535
+ msgid "IP host number (address) attribute"
+-msgstr ""
++msgstr "IP 主机号(地址)属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:536
+ msgid "IP host entryUSN attribute"
+-msgstr ""
++msgstr "IP 主机 entryUSN 属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:537
+ msgid "Base DN for IP networks lookups"
+-msgstr ""
++msgstr "IP 网络查询的基础 DN"
+
+ #: src/config/SSSDConfig/sssdoptions.py:538
+ msgid "Object class for IP networks"
+-msgstr ""
++msgstr "IP 网络的对象类"
+
+ #: src/config/SSSDConfig/sssdoptions.py:539
+ msgid "IP network name attribute"
+-msgstr ""
++msgstr "IP 网络名称属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:540
+ msgid "IP network number (address) attribute"
+-msgstr ""
++msgstr "I P网号(地址)属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:541
+ msgid "IP network entryUSN attribute"
+-msgstr ""
++msgstr "IP 网络 entryUSN 属性"
+
+ #: src/config/SSSDConfig/sssdoptions.py:544
+ msgid "Comma separated list of allowed users"
+@@ -1758,14 +1765,14 @@ msgstr "以逗号分隔的不允许的用户列表"
+ msgid ""
+ "Comma separated list of groups that are allowed to log in. This applies only "
+ "to groups within this SSSD domain. Local groups are not evaluated."
+-msgstr ""
++msgstr "以逗号分隔的允许登录的组的列表。这只适用于此 SSSD 域内的组。本地组不被评估。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:548
+ msgid ""
+ "Comma separated list of groups that are explicitly denied access. This "
+ "applies only to groups within this SSSD domain. Local groups are not "
+ "evaluated."
+-msgstr ""
++msgstr "以逗号分隔的明确拒绝访问的组的列表。这只适用于此 SSSD 域内的组。本地组不被评估。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:552
+ msgid "Base for home directories"
+@@ -1773,27 +1780,27 @@ msgstr "家目录的基础"
+
+ #: src/config/SSSDConfig/sssdoptions.py:553
+ msgid "Indicate if a home directory should be created for new users."
+-msgstr ""
++msgstr "指定是否应该为新用户创建主目录。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:554
+ msgid "Indicate if a home directory should be removed for deleted users."
+-msgstr ""
++msgstr "指定是否要删除已删除用户的主目录。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:555
+ msgid "Specify the default permissions on a newly created home directory."
+-msgstr ""
++msgstr "指定新创建的主目录的默认权限。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:556
+ msgid "The skeleton directory."
+-msgstr ""
++msgstr "skeleton 目录。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:557
+ msgid "The mail spool directory."
+-msgstr ""
++msgstr "邮件 spool 目录。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:558
+ msgid "The command that is run after a user is removed."
+-msgstr ""
++msgstr "用户被删除后运行的命令。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:561
+ msgid "The number of preforked proxy children."
+@@ -1805,7 +1812,7 @@ msgstr "使用的 NSS 库的名称"
+
+ #: src/config/SSSDConfig/sssdoptions.py:565
+ msgid "The name of the NSS library to use for hosts and networks lookups"
+-msgstr ""
++msgstr "用于查询主机和网络的 NSS 库名称。"
+
+ #: src/config/SSSDConfig/sssdoptions.py:566
+ msgid "Whether to look up canonical group name from cache if possible"
+@@ -1846,7 +1853,7 @@ msgstr "刷新配置数据库,然后退出"
+
+ #: src/monitor/monitor.c:2383
+ msgid "Similar to --genconf, but only refreshes the given section"
+-msgstr ""
++msgstr "类似于 --genconf,但只刷新指定的部分。"
+
+ #: src/monitor/monitor.c:2386
+ msgid "Print version number and exit"
+@@ -1934,11 +1941,11 @@ msgstr "SSSD 没有由 root 运行。"
+
+ #: src/sss_client/common.c:1091
+ msgid "SSSD socket does not exist."
+-msgstr ""
++msgstr "SSSD socket 不存在。"
+
+ #: src/sss_client/common.c:1094
+ msgid "Cannot get stat of SSSD socket."
+-msgstr ""
++msgstr "无法获取 SSSD socket 的统计数据。"
+
+ #: src/sss_client/common.c:1099
+ msgid "An error occurred, but no description can be found."
+@@ -2711,12 +2718,12 @@ msgstr "使用组 ID 搜索"
+ #: src/tools/sssctl/sssctl_config.c:112
+ #, c-format
+ msgid "Failed to open %s\n"
+-msgstr ""
++msgstr "打开失败:%s\n"
+
+ #: src/tools/sssctl/sssctl_config.c:117
+ #, c-format
+ msgid "File %1$s does not exist.\n"
+-msgstr ""
++msgstr "文件 %1$s 不存在\n"
+
+ #: src/tools/sssctl/sssctl_config.c:121
+ msgid ""
+@@ -2726,21 +2733,21 @@ msgstr "文件所有权和权限检查失败。预期的是 root:root 和 0600
+ #: src/tools/sssctl/sssctl_config.c:127
+ #, c-format
+ msgid "Failed to load configuration from %s.\n"
+-msgstr ""
++msgstr "从 %s 加载配置失败。\n"
+
+ #: src/tools/sssctl/sssctl_config.c:133
+ msgid "Error while reading configuration directory.\n"
+-msgstr ""
++msgstr "读取配置目录时出错。\n"
+
+ #: src/tools/sssctl/sssctl_config.c:141
+ msgid ""
+ "There is no configuration. SSSD will use default configuration with files "
+ "provider.\n"
+-msgstr ""
++msgstr "没有配置。SSSD 将使用默认配置与文件提供者。\n"
+
+ #: src/tools/sssctl/sssctl_config.c:153
+ msgid "Failed to run validators"
+-msgstr ""
++msgstr "运行验证器失败"
+
+ #: src/tools/sssctl/sssctl_config.c:157
+ #, c-format
+@@ -2755,7 +2762,7 @@ msgstr "配置合并期间生成的消息: %zu\n"
+ #: src/tools/sssctl/sssctl_config.c:179
+ #, c-format
+ msgid "Used configuration snippet files: %zu\n"
+-msgstr ""
++msgstr "所使用的配置摘要文件: %zu\n"
+
+ #: src/tools/sssctl/sssctl_data.c:89
+ #, c-format
+@@ -2834,7 +2841,7 @@ msgstr "显示域列表,包括主要或受信任的域类型"
+ #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
+ #: src/tools/sssctl/sssctl_user_checks.c:95
+ msgid "Unable to connect to system bus!\n"
+-msgstr ""
++msgstr "无法连接到系统总线!\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:167
+ msgid "Online"
+@@ -2851,7 +2858,7 @@ msgstr "在线状态: %s\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:213
+ msgid "This domain has no active servers.\n"
+-msgstr ""
++msgstr "这个域没有活跃的服务器。\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:218
+ msgid "Active servers:\n"
+@@ -2863,7 +2870,7 @@ msgstr "未连接"
+
+ #: src/tools/sssctl/sssctl_domains.c:267
+ msgid "No servers discovered.\n"
+-msgstr ""
++msgstr "没有发现服务器。\n"
+
+ #: src/tools/sssctl/sssctl_domains.c:273
+ #, c-format
+@@ -3150,3 +3157,4 @@ msgstr "通知响应者已被套接字激活"
+ #: src/util/util.h:94
+ msgid "Informs that the responder has been dbus-activated"
+ msgstr "通知响应者已被 dbus 激活"
++
+--
+2.21.3
+
diff --git a/SOURCES/0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch b/SOURCES/0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch
new file mode 100644
index 0000000..c4aa6ad
--- /dev/null
+++ b/SOURCES/0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch
@@ -0,0 +1,63 @@
+From 72b8e02c77f0b0b7e36663fa3bd3fd6987ea1b80 Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Mon, 13 Jul 2020 18:11:40 +0200
+Subject: [PATCH] sssctl: sssctl config-check alternative snippet dir
+
+The sssctl config-check now allows to specify not only alternative
+config file but also snippet dir.
+
+ sssctl config-check -c ./sssd.conf -s /etc/sssd/conf.d
+
+Configuration snippets are still looked up in the same place under
+conf.d directory by default. It would be in ./conf.d/ for the example
+above.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5142
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/tools/sssctl/sssctl_config.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
+index de9f3de6e..db4aeeae4 100644
+--- a/src/tools/sssctl/sssctl_config.c
++++ b/src/tools/sssctl/sssctl_config.c
+@@ -75,6 +75,11 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ struct poptOption long_options[] = {
+ {"config", 'c', POPT_ARG_STRING, &config_path,
+ 0, _("Specify a non-default config file"), NULL},
++ {"snippet", 's', POPT_ARG_STRING, &config_snippet_path,
++ 0, _("Specify a non-default snippet dir (The default is to look in "
++ "the same place where the main config file is located. For "
++ "example if the config is set to \"/my/path/sssd.conf\", "
++ "the snippet dir \"/my/path/conf.d\" is used)"), NULL},
+ POPT_TABLEEND
+ };
+
+@@ -92,16 +97,17 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ goto done;
+ }
+
+- if (config_path != NULL) {
++ if (config_path == NULL) {
++ config_path = SSSD_CONFIG_FILE;
++ }
++
++ if (config_snippet_path == NULL) {
+ config_snippet_path = sssctl_config_snippet_path(tmp_ctx, config_path);
+ if (config_snippet_path == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create snippet path\n");
+ ret = ENOMEM;
+ goto done;
+ }
+- } else {
+- config_path = SSSD_CONFIG_FILE;
+- config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
+ }
+
+ ret = sss_ini_read_sssd_conf(init_data,
+--
+2.21.3
+
diff --git a/SOURCES/0039-certmap-sanitize-LDAP-search-filter.patch b/SOURCES/0039-certmap-sanitize-LDAP-search-filter.patch
new file mode 100644
index 0000000..909222b
--- /dev/null
+++ b/SOURCES/0039-certmap-sanitize-LDAP-search-filter.patch
@@ -0,0 +1,651 @@
+From a2b9a84460429181f2a4fa7e2bb5ab49fd561274 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 9 Dec 2019 11:31:14 +0100
+Subject: [PATCH] certmap: sanitize LDAP search filter
+
+The sss_certmap_get_search_filter() will now sanitize the values read
+from the certificates before adding them to a search filter. To be able
+to get the plain values as well sss_certmap_expand_mapping_rule() is
+added.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5135
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ Makefile.am | 2 +-
+ src/lib/certmap/sss_certmap.c | 42 ++++++++++--
+ src/lib/certmap/sss_certmap.exports | 5 ++
+ src/lib/certmap/sss_certmap.h | 35 ++++++++--
+ src/responder/pam/pamsrv_p11.c | 5 +-
+ src/tests/cmocka/test_certmap.c | 98 +++++++++++++++++++++++++++-
+ src/util/util.c | 94 ---------------------------
+ src/util/util_ext.c | 99 +++++++++++++++++++++++++++++
+ 8 files changed, 272 insertions(+), 108 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 059e1eaf6..4bacabdda 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2163,7 +2163,7 @@ libsss_certmap_la_LIBADD = \
+ $(NULL)
+ libsss_certmap_la_LDFLAGS = \
+ -Wl,--version-script,$(srcdir)/src/lib/certmap/sss_certmap.exports \
+- -version-info 1:0:1
++ -version-info 2:0:2
+
+ if HAVE_NSS
+ libsss_certmap_la_SOURCES += \
+diff --git a/src/lib/certmap/sss_certmap.c b/src/lib/certmap/sss_certmap.c
+index 703782b53..f19e57732 100644
+--- a/src/lib/certmap/sss_certmap.c
++++ b/src/lib/certmap/sss_certmap.c
+@@ -441,10 +441,12 @@ static int expand_san(struct sss_certmap_ctx *ctx,
+ static int expand_template(struct sss_certmap_ctx *ctx,
+ struct parsed_template *parsed_template,
+ struct sss_cert_content *cert_content,
++ bool sanitize,
+ char **expanded)
+ {
+ int ret;
+ char *exp = NULL;
++ char *exp_sanitized = NULL;
+
+ if (strcmp("issuer_dn", parsed_template->name) == 0) {
+ ret = rdn_list_2_dn_str(ctx, parsed_template->conversion,
+@@ -455,6 +457,8 @@ static int expand_template(struct sss_certmap_ctx *ctx,
+ } else if (strncmp("subject_", parsed_template->name, 8) == 0) {
+ ret = expand_san(ctx, parsed_template, cert_content->san_list, &exp);
+ } else if (strcmp("cert", parsed_template->name) == 0) {
++ /* cert blob is already sanitized */
++ sanitize = false;
+ ret = expand_cert(ctx, parsed_template, cert_content, &exp);
+ } else {
+ CM_DEBUG(ctx, "Unsupported template name.");
+@@ -471,6 +475,16 @@ static int expand_template(struct sss_certmap_ctx *ctx,
+ goto done;
+ }
+
++ if (sanitize) {
++ ret = sss_filter_sanitize(ctx, exp, &exp_sanitized);
++ if (ret != EOK) {
++ CM_DEBUG(ctx, "Failed to sanitize expanded template.");
++ goto done;
++ }
++ talloc_free(exp);
++ exp = exp_sanitized;
++ }
++
+ ret = 0;
+
+ done:
+@@ -485,7 +499,7 @@ done:
+
+ static int get_filter(struct sss_certmap_ctx *ctx,
+ struct ldap_mapping_rule *parsed_mapping_rule,
+- struct sss_cert_content *cert_content,
++ struct sss_cert_content *cert_content, bool sanitize,
+ char **filter)
+ {
+ struct ldap_mapping_rule_comp *comp;
+@@ -503,7 +517,7 @@ static int get_filter(struct sss_certmap_ctx *ctx,
+ result = talloc_strdup_append(result, comp->val);
+ } else if (comp->type == comp_template) {
+ ret = expand_template(ctx, comp->parsed_template, cert_content,
+- &expanded);
++ sanitize, &expanded);
+ if (ret != 0) {
+ CM_DEBUG(ctx, "Failed to expanded template.");
+ goto done;
+@@ -791,8 +805,9 @@ done:
+ return ret;
+ }
+
+-int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
++static int expand_mapping_rule_ex(struct sss_certmap_ctx *ctx,
+ const uint8_t *der_cert, size_t der_size,
++ bool sanitize,
+ char **_filter, char ***_domains)
+ {
+ int ret;
+@@ -819,7 +834,8 @@ int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
+ return EINVAL;
+ }
+
+- ret = get_filter(ctx, ctx->default_mapping_rule, cert_content, &filter);
++ ret = get_filter(ctx, ctx->default_mapping_rule, cert_content, sanitize,
++ &filter);
+ goto done;
+ }
+
+@@ -829,7 +845,7 @@ int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
+ if (ret == 0) {
+ /* match */
+ ret = get_filter(ctx, r->parsed_mapping_rule, cert_content,
+- &filter);
++ sanitize, &filter);
+ if (ret != 0) {
+ CM_DEBUG(ctx, "Failed to get filter");
+ goto done;
+@@ -873,6 +889,22 @@ done:
+ return ret;
+ }
+
++int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
++ const uint8_t *der_cert, size_t der_size,
++ char **_filter, char ***_domains)
++{
++ return expand_mapping_rule_ex(ctx, der_cert, der_size, true,
++ _filter, _domains);
++}
++
++int sss_certmap_expand_mapping_rule(struct sss_certmap_ctx *ctx,
++ const uint8_t *der_cert, size_t der_size,
++ char **_expanded, char ***_domains)
++{
++ return expand_mapping_rule_ex(ctx, der_cert, der_size, false,
++ _expanded, _domains);
++}
++
+ int sss_certmap_init(TALLOC_CTX *mem_ctx,
+ sss_certmap_ext_debug *debug, void *debug_priv,
+ struct sss_certmap_ctx **ctx)
+diff --git a/src/lib/certmap/sss_certmap.exports b/src/lib/certmap/sss_certmap.exports
+index a9e48d6d0..7d7667738 100644
+--- a/src/lib/certmap/sss_certmap.exports
++++ b/src/lib/certmap/sss_certmap.exports
+@@ -16,3 +16,8 @@ SSS_CERTMAP_0.1 {
+ global:
+ sss_certmap_display_cert_content;
+ } SSS_CERTMAP_0.0;
++
++SSS_CERTMAP_0.2 {
++ global:
++ sss_certmap_expand_mapping_rule;
++} SSS_CERTMAP_0.1;
+diff --git a/src/lib/certmap/sss_certmap.h b/src/lib/certmap/sss_certmap.h
+index 7da2d1c58..058d4f9e4 100644
+--- a/src/lib/certmap/sss_certmap.h
++++ b/src/lib/certmap/sss_certmap.h
+@@ -103,7 +103,7 @@ int sss_certmap_add_rule(struct sss_certmap_ctx *ctx,
+ *
+ * @param[in] ctx certmap context previously initialized with
+ * @ref sss_certmap_init
+- * @param[in] der_cert binary blog with the DER encoded certificate
++ * @param[in] der_cert binary blob with the DER encoded certificate
+ * @param[in] der_size size of the certificate blob
+ *
+ * @return
+@@ -119,10 +119,11 @@ int sss_certmap_match_cert(struct sss_certmap_ctx *ctx,
+ *
+ * @param[in] ctx certmap context previously initialized with
+ * @ref sss_certmap_init
+- * @param[in] der_cert binary blog with the DER encoded certificate
++ * @param[in] der_cert binary blob with the DER encoded certificate
+ * @param[in] der_size size of the certificate blob
+- * @param[out] filter LDAP filter string, caller should free the data by
+- * calling sss_certmap_free_filter_and_domains
++ * @param[out] filter LDAP filter string, expanded templates are sanitized,
++ * caller should free the data by calling
++ * sss_certmap_free_filter_and_domains
+ * @param[out] domains NULL-terminated array of strings with the domains the
+ * rule applies, caller should free the data by calling
+ * sss_certmap_free_filter_and_domains
+@@ -136,8 +137,32 @@ int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
+ const uint8_t *der_cert, size_t der_size,
+ char **filter, char ***domains);
+
++/**
++ * @brief Expand the mapping rule by replacing the templates
++ *
++ * @param[in] ctx certmap context previously initialized with
++ * @ref sss_certmap_init
++ * @param[in] der_cert binary blob with the DER encoded certificate
++ * @param[in] der_size size of the certificate blob
++ * @param[out] expanded expanded mapping rule, templates are filled in
++ * verbatim in contrast to sss_certmap_get_search_filter,
++ * caller should free the data by
++ * calling sss_certmap_free_filter_and_domains
++ * @param[out] domains NULL-terminated array of strings with the domains the
++ * rule applies, caller should free the data by calling
++ * sss_certmap_free_filter_and_domains
++ *
++ * @return
++ * - 0: certificate matches a rule
++ * - ENOENT: certificate does not match
++ * - EINVAL: internal error
++ */
++int sss_certmap_expand_mapping_rule(struct sss_certmap_ctx *ctx,
++ const uint8_t *der_cert, size_t der_size,
++ char **_expanded, char ***_domains);
+ /**
+ * @brief Free data returned by @ref sss_certmap_get_search_filter
++ * and @ref sss_certmap_expand_mapping_rule
+ *
+ * @param[in] filter LDAP filter strings returned by
+ * sss_certmap_get_search_filter
+@@ -150,7 +175,7 @@ void sss_certmap_free_filter_and_domains(char *filter, char **domains);
+ * @brief Get a string with the content of the certificate used by the library
+ *
+ * @param[in] mem_ctx Talloc memory context, may be NULL
+- * @param[in] der_cert binary blog with the DER encoded certificate
++ * @param[in] der_cert binary blob with the DER encoded certificate
+ * @param[in] der_size size of the certificate blob
+ * @param[out] desc Multiline string showing the certificate content
+ * which is used by libsss_certmap
+diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
+index 3f0afaeff..cdf239e07 100644
+--- a/src/responder/pam/pamsrv_p11.c
++++ b/src/responder/pam/pamsrv_p11.c
+@@ -1049,9 +1049,10 @@ static char *get_cert_prompt(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+
+- ret = sss_certmap_get_search_filter(ctx, der, der_size, &filter, &domains);
++ ret = sss_certmap_expand_mapping_rule(ctx, der, der_size,
++ &filter, &domains);
+ if (ret != 0) {
+- DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_get_search_filter failed.\n");
++ DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_expand_mapping_rule failed.\n");
+ goto done;
+ }
+
+diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c
+index c882202a0..232ff7878 100644
+--- a/src/tests/cmocka/test_certmap.c
++++ b/src/tests/cmocka/test_certmap.c
+@@ -1431,6 +1431,15 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
++ assert_string_equal(filter, "rule100=<I>CN=Certificate\\20Authority,O=IPA.DEVEL"
++ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
++ assert_null(domains);
++
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
+ assert_string_equal(filter, "rule100=<I>CN=Certificate Authority,O=IPA.DEVEL"
+ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
+ assert_null(domains);
+@@ -1445,6 +1454,17 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
++ assert_string_equal(filter, "rule99=<I>CN=Certificate\\20Authority,O=IPA.DEVEL"
++ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
++ assert_non_null(domains);
++ assert_string_equal(domains[0], "test.dom");
++ assert_null(domains[1]);
++
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
+ assert_string_equal(filter, "rule99=<I>CN=Certificate Authority,O=IPA.DEVEL"
+ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
+ assert_non_null(domains);
+@@ -1466,6 +1486,16 @@ static void test_sss_certmap_get_search_filter(void **state)
+ assert_string_equal(domains[0], "test.dom");
+ assert_null(domains[1]);
+
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
++ assert_string_equal(filter, "rule98=userCertificate;binary=" TEST_CERT_BIN);
++ assert_non_null(domains);
++ assert_string_equal(domains[0], "test.dom");
++ assert_null(domains[1]);
++
+ ret = sss_certmap_add_rule(ctx, 97,
+ "KRB5:<ISSUER>CN=Certificate Authority,O=IPA.DEVEL",
+ "LDAP:rule97=<I>{issuer_dn!nss_x500}<S>{subject_dn}",
+@@ -1476,6 +1506,17 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
++ assert_string_equal(filter, "rule97=<I>O=IPA.DEVEL,CN=Certificate\\20Authority"
++ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
++ assert_non_null(domains);
++ assert_string_equal(domains[0], "test.dom");
++ assert_null(domains[1]);
++
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
+ assert_string_equal(filter, "rule97=<I>O=IPA.DEVEL,CN=Certificate Authority"
+ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
+ assert_non_null(domains);
+@@ -1492,6 +1533,17 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
++ assert_string_equal(filter, "rule96=<I>O=IPA.DEVEL,CN=Certificate\\20Authority"
++ "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
++ assert_non_null(domains);
++ assert_string_equal(domains[0], "test.dom");
++ assert_null(domains[1]);
++
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
+ assert_string_equal(filter, "rule96=<I>O=IPA.DEVEL,CN=Certificate Authority"
+ "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
+ assert_non_null(domains);
+@@ -1510,6 +1562,14 @@ static void test_sss_certmap_get_search_filter(void **state)
+ assert_string_equal(filter, "(userCertificate;binary=" TEST_CERT_BIN ")");
+ assert_null(domains);
+
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
++ assert_string_equal(filter, "(userCertificate;binary=" TEST_CERT_BIN ")");
++ assert_null(domains);
++
+ ret = sss_certmap_add_rule(ctx, 94,
+ "KRB5:<ISSUER>CN=Certificate Authority,O=IPA.DEVEL",
+ "LDAP:rule94=<I>{issuer_dn!ad_x500}<S>{subject_dn!ad_x500}",
+@@ -1520,12 +1580,22 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
+- assert_string_equal(filter, "rule94=<I>O=IPA.DEVEL,CN=Certificate Authority"
++ assert_string_equal(filter, "rule94=<I>O=IPA.DEVEL,CN=Certificate\\20Authority"
+ "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
+ assert_non_null(domains);
+ assert_string_equal(domains[0], "test.dom");
+ assert_null(domains[1]);
+
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
++ sizeof(test_cert_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
++ assert_string_equal(filter, "rule94=<I>O=IPA.DEVEL,CN=Certificate Authority"
++ "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
++ assert_non_null(domains);
++ assert_string_equal(domains[0], "test.dom");
++ assert_null(domains[1]);
+
+ ret = sss_certmap_add_rule(ctx, 89, NULL,
+ "(rule89={subject_nt_principal})",
+@@ -1539,6 +1609,14 @@ static void test_sss_certmap_get_search_filter(void **state)
+ assert_string_equal(filter, "(rule89=tu1@ad.devel)");
+ assert_null(domains);
+
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert2_der),
++ sizeof(test_cert2_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
++ assert_string_equal(filter, "(rule89=tu1@ad.devel)");
++ assert_null(domains);
++
+ ret = sss_certmap_add_rule(ctx, 88, NULL,
+ "(rule88={subject_nt_principal.short_name})",
+ NULL);
+@@ -1560,6 +1638,15 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
++ assert_string_equal(filter, "rule87=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
++ "<S>DC=devel,DC=ad,CN=Users,CN=t\\20u,E=test.user@email.domain");
++ assert_null(domains);
++
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert2_der),
++ sizeof(test_cert2_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
+ assert_string_equal(filter, "rule87=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
+ "<S>DC=devel,DC=ad,CN=Users,CN=t u,E=test.user@email.domain");
+ assert_null(domains);
+@@ -1573,6 +1660,15 @@ static void test_sss_certmap_get_search_filter(void **state)
+ &filter, &domains);
+ assert_int_equal(ret, 0);
+ assert_non_null(filter);
++ assert_string_equal(filter, "rule86=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
++ "<S>DC=devel,DC=ad,CN=Users,CN=t\\20u,E=test.user@email.domain");
++ assert_null(domains);
++
++ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert2_der),
++ sizeof(test_cert2_der),
++ &filter, &domains);
++ assert_int_equal(ret, 0);
++ assert_non_null(filter);
+ assert_string_equal(filter, "rule86=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
+ "<S>DC=devel,DC=ad,CN=Users,CN=t u,E=test.user@email.domain");
+ assert_null(domains);
+diff --git a/src/util/util.c b/src/util/util.c
+index d9bd3cb59..19d447328 100644
+--- a/src/util/util.c
++++ b/src/util/util.c
+@@ -436,100 +436,6 @@ errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count,
+ return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL);
+ }
+
+-errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
+- const char *input,
+- char **sanitized,
+- const char *ignore)
+-{
+- char *output;
+- size_t i = 0;
+- size_t j = 0;
+- char *allowed;
+-
+- /* Assume the worst-case. We'll resize it later, once */
+- output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
+- if (!output) {
+- return ENOMEM;
+- }
+-
+- while (input[i]) {
+- /* Even though this character might have a special meaning, if it's
+- * explicitly allowed, just copy it and move on
+- */
+- if (ignore == NULL) {
+- allowed = NULL;
+- } else {
+- allowed = strchr(ignore, input[i]);
+- }
+- if (allowed) {
+- output[j++] = input[i++];
+- continue;
+- }
+-
+- switch(input[i]) {
+- case '\t':
+- output[j++] = '\\';
+- output[j++] = '0';
+- output[j++] = '9';
+- break;
+- case ' ':
+- output[j++] = '\\';
+- output[j++] = '2';
+- output[j++] = '0';
+- break;
+- case '*':
+- output[j++] = '\\';
+- output[j++] = '2';
+- output[j++] = 'a';
+- break;
+- case '(':
+- output[j++] = '\\';
+- output[j++] = '2';
+- output[j++] = '8';
+- break;
+- case ')':
+- output[j++] = '\\';
+- output[j++] = '2';
+- output[j++] = '9';
+- break;
+- case '\\':
+- output[j++] = '\\';
+- output[j++] = '5';
+- output[j++] = 'c';
+- break;
+- case '\r':
+- output[j++] = '\\';
+- output[j++] = '0';
+- output[j++] = 'd';
+- break;
+- case '\n':
+- output[j++] = '\\';
+- output[j++] = '0';
+- output[j++] = 'a';
+- break;
+- default:
+- output[j++] = input[i];
+- }
+-
+- i++;
+- }
+- output[j] = '\0';
+- *sanitized = talloc_realloc(mem_ctx, output, char, j+1);
+- if (!*sanitized) {
+- talloc_free(output);
+- return ENOMEM;
+- }
+-
+- return EOK;
+-}
+-
+-errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
+- const char *input,
+- char **sanitized)
+-{
+- return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
+-}
+-
+ char *
+ sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr)
+ {
+diff --git a/src/util/util_ext.c b/src/util/util_ext.c
+index 04dc02a8a..a89b60f76 100644
+--- a/src/util/util_ext.c
++++ b/src/util/util_ext.c
+@@ -29,6 +29,11 @@
+
+ #define EOK 0
+
++#ifndef HAVE_ERRNO_T
++#define HAVE_ERRNO_T
++typedef int errno_t;
++#endif
++
+ int split_on_separator(TALLOC_CTX *mem_ctx, const char *str,
+ const char sep, bool trim, bool skip_empty,
+ char ***_list, int *size)
+@@ -141,3 +146,97 @@ bool string_in_list(const char *string, char **list, bool case_sensitive)
+
+ return false;
+ }
++
++errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
++ const char *input,
++ char **sanitized,
++ const char *ignore)
++{
++ char *output;
++ size_t i = 0;
++ size_t j = 0;
++ char *allowed;
++
++ /* Assume the worst-case. We'll resize it later, once */
++ output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
++ if (!output) {
++ return ENOMEM;
++ }
++
++ while (input[i]) {
++ /* Even though this character might have a special meaning, if it's
++ * explicitly allowed, just copy it and move on
++ */
++ if (ignore == NULL) {
++ allowed = NULL;
++ } else {
++ allowed = strchr(ignore, input[i]);
++ }
++ if (allowed) {
++ output[j++] = input[i++];
++ continue;
++ }
++
++ switch(input[i]) {
++ case '\t':
++ output[j++] = '\\';
++ output[j++] = '0';
++ output[j++] = '9';
++ break;
++ case ' ':
++ output[j++] = '\\';
++ output[j++] = '2';
++ output[j++] = '0';
++ break;
++ case '*':
++ output[j++] = '\\';
++ output[j++] = '2';
++ output[j++] = 'a';
++ break;
++ case '(':
++ output[j++] = '\\';
++ output[j++] = '2';
++ output[j++] = '8';
++ break;
++ case ')':
++ output[j++] = '\\';
++ output[j++] = '2';
++ output[j++] = '9';
++ break;
++ case '\\':
++ output[j++] = '\\';
++ output[j++] = '5';
++ output[j++] = 'c';
++ break;
++ case '\r':
++ output[j++] = '\\';
++ output[j++] = '0';
++ output[j++] = 'd';
++ break;
++ case '\n':
++ output[j++] = '\\';
++ output[j++] = '0';
++ output[j++] = 'a';
++ break;
++ default:
++ output[j++] = input[i];
++ }
++
++ i++;
++ }
++ output[j] = '\0';
++ *sanitized = talloc_realloc(mem_ctx, output, char, j+1);
++ if (!*sanitized) {
++ talloc_free(output);
++ return ENOMEM;
++ }
++
++ return EOK;
++}
++
++errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
++ const char *input,
++ char **sanitized)
++{
++ return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
++}
+--
+2.21.3
+
diff --git a/SOURCES/0040-AD-Enforcing-GPO-rule-restriction-on-user.patch b/SOURCES/0040-AD-Enforcing-GPO-rule-restriction-on-user.patch
new file mode 100644
index 0000000..527067e
--- /dev/null
+++ b/SOURCES/0040-AD-Enforcing-GPO-rule-restriction-on-user.patch
@@ -0,0 +1,42 @@
+From a06bf788585f5fc14ba16d132665401a7ce7eb35 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= <ppolawsk@redhat.com>
+Date: Thu, 28 May 2020 12:12:58 +0200
+Subject: [PATCH] AD: Enforcing GPO rule restriction on user
+
+This fixes bug related to ad_gpo_implicit_deny option set to True.
+gpo_implict_denay was checked only for dacl_filtered_gpos,
+but not for cse_filtered_gpos.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5181
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/providers/ad/ad_gpo.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index 53560a754..2c6aa7fa6 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -2541,7 +2541,16 @@ ad_gpo_process_gpo_done(struct tevent_req *subreq)
+ /* no gpos contain "SecuritySettings" cse_guid, nothing to enforce */
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "no applicable gpos found after cse_guid filtering\n");
+- ret = EOK;
++
++ if (state->gpo_implicit_deny == true) {
++ DEBUG(SSSDBG_TRACE_FUNC,
++ "No applicable GPOs have been found and ad_gpo_implicit_deny"
++ " is set to 'true'. The user will be denied access.\n");
++ ret = ERR_ACCESS_DENIED;
++ } else {
++ ret = EOK;
++ }
++
+ goto done;
+ }
+
+--
+2.21.3
+
diff --git a/SOURCES/0041-man-clarify-AD-certificate-rule.patch b/SOURCES/0041-man-clarify-AD-certificate-rule.patch
new file mode 100644
index 0000000..a54281a
--- /dev/null
+++ b/SOURCES/0041-man-clarify-AD-certificate-rule.patch
@@ -0,0 +1,33 @@
+From 3bb910503bb7cbc20105f0a302db400f04436d2a Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Tue, 18 Aug 2020 11:45:18 +0200
+Subject: [PATCH] man: clarify AD certificate rule
+
+Clarify AD specific certificate rule example by changing userPrincipal to
+userPrincipalName. Moreover, match the subject principal name in the
+example with the rule name.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5278
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/man/sss-certmap.5.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml
+index 10343625e..09aec997c 100644
+--- a/src/man/sss-certmap.5.xml
++++ b/src/man/sss-certmap.5.xml
+@@ -487,7 +487,7 @@
+ sign.
+ </para>
+ <para>
+- Example: (|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name}))
++ Example: (|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name}))
+ </para>
+ </listitem>
+ </varlistentry>
+--
+2.21.3
+
diff --git a/SOURCES/0042-config-allow-prompting-options-in-configuration.patch b/SOURCES/0042-config-allow-prompting-options-in-configuration.patch
new file mode 100644
index 0000000..20e4c7e
--- /dev/null
+++ b/SOURCES/0042-config-allow-prompting-options-in-configuration.patch
@@ -0,0 +1,72 @@
+From 4526858adb58736066a0b2cf2dc793ddfe671b2b Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Tue, 4 Aug 2020 15:39:51 +0200
+Subject: [PATCH] config: allow prompting options in configuration
+
+False warnings were logged after enabling prompting options in
+configuration file. This change modifies the configuration rules to
+allow prompting options.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5259
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/config/cfg_rules.ini | 34 ++++++++++++++++++++++++++++++++++
+ 1 file changed, 34 insertions(+)
+
+diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
+index 2874ea048..2d4e7b51d 100644
+--- a/src/config/cfg_rules.ini
++++ b/src/config/cfg_rules.ini
+@@ -14,6 +14,10 @@ section = session_recording
+ section_re = ^secrets/users/[0-9]\+$
+ section_re = ^secrets/secrets$
+ section_re = ^secrets/kcm$
++section_re = ^prompting/password$
++section_re = ^prompting/password/[^/\@]\+$
++section_re = ^prompting/2fa$
++section_re = ^prompting/2fa/[^/\@]\+$
+ section_re = ^domain/[^/\@]\+$
+ section_re = ^domain/[^/\@]\+/[^/\@]\+$
+ section_re = ^application/[^/\@]\+$
+@@ -332,6 +336,36 @@ option = scope
+ option = users
+ option = groups
+
++# Prompting during authentication
++[rule/allowed_prompting_password_options]
++validator = ini_allowed_options
++section_re = ^prompting/password$
++
++option = password_prompt
++
++[rule/allowed_prompting_2fa_options]
++validator = ini_allowed_options
++section_re = ^prompting/2fa$
++
++option = single_prompt
++option = first_prompt
++option = second_prompt
++
++[rule/allowed_prompting_password_subsec_options]
++validator = ini_allowed_options
++section_re = ^prompting/password/[^/\@]\+$
++
++option = password_prompt
++
++[rule/allowed_prompting_2fa_subsec_options]
++validator = ini_allowed_options
++section_re = ^prompting/2fa/[^/\@]\+$
++
++option = single_prompt
++option = first_prompt
++option = second_prompt
++
++
+ [rule/allowed_domain_options]
+ validator = ini_allowed_options
+ section_re = ^\(domain\|application\)/[^/]\+$
+--
+2.21.3
+
diff --git a/SOURCES/0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch b/SOURCES/0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch
new file mode 100644
index 0000000..95cac65
--- /dev/null
+++ b/SOURCES/0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch
@@ -0,0 +1,77 @@
+From 10366b4ee8c01ea20d908102e92d52fdeda168c3 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 18 Aug 2020 14:37:04 +0200
+Subject: [PATCH] p11_child: switch default ocsp_dgst to sha1
+
+For details please see discussion at
+https://github.com/SSSD/sssd/pull/837#issuecomment-672831519
+
+:newdefault: sssd:certificate_verification:ocsp_dgst, sha256, sha1
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5002
+
+Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/man/sssd.conf.5.xml | 3 ++-
+ src/p11_child/p11_child_common_utils.c | 6 +++---
+ src/p11_child/p11_child_openssl.c | 4 ++--
+ 3 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index 874a09c49..50692dfdd 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -507,7 +507,8 @@
+ <listitem><para>sha512</para></listitem>
+ </itemizedlist></para>
+ <para>
+- Default: sha256
++ Default: sha1 (to allow compatibility with
++ RFC5019-compliant responder)
+ </para>
+ <para>(NSS Version) This option is
+ ignored, because NSS uses sha1
+diff --git a/src/p11_child/p11_child_common_utils.c b/src/p11_child/p11_child_common_utils.c
+index 6798752c7..95791b1f0 100644
+--- a/src/p11_child/p11_child_common_utils.c
++++ b/src/p11_child/p11_child_common_utils.c
+@@ -43,7 +43,7 @@ static struct cert_verify_opts *init_cert_verify_opts(TALLOC_CTX *mem_ctx)
+ cert_verify_opts->ocsp_default_responder = NULL;
+ cert_verify_opts->ocsp_default_responder_signing_cert = NULL;
+ cert_verify_opts->crl_file = NULL;
+- cert_verify_opts->ocsp_dgst = CKM_SHA256;
++ cert_verify_opts->ocsp_dgst = CKM_SHA_1;
+ cert_verify_opts->soft_ocsp = false;
+ cert_verify_opts->soft_crl = false;
+
+@@ -174,8 +174,8 @@ errno_t parse_cert_verify_opts(TALLOC_CTX *mem_ctx, const char *verify_opts,
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unsupported digest for OCSP [%s], "
+- "using default sha256.\n", &opts[c][OCSP_DGST_LEN]);
+- cert_verify_opts->ocsp_dgst = CKM_SHA256;
++ "using default sha1.\n", &opts[c][OCSP_DGST_LEN]);
++ cert_verify_opts->ocsp_dgst = CKM_SHA_1;
+ }
+ #endif
+ } else if (strcasecmp(opts[c], "soft_ocsp") == 0) {
+diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
+index 321cf162e..04b3e1467 100644
+--- a/src/p11_child/p11_child_openssl.c
++++ b/src/p11_child/p11_child_openssl.c
+@@ -372,8 +372,8 @@ static errno_t do_ocsp(struct p11_ctx *p11_ctx, X509 *cert)
+ ocsp_dgst = get_dgst(p11_ctx->cert_verify_opts->ocsp_dgst);
+ if (ocsp_dgst == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot determine configured digest function "
+- "for OCSP, using default sha256.\n");
+- ocsp_dgst = EVP_sha256();
++ "for OCSP, using default sha1.\n");
++ ocsp_dgst = EVP_sha1();
+ }
+ cid = OCSP_cert_to_id(ocsp_dgst, cert, issuer);
+ if (cid == NULL) {
+--
+2.21.3
+
diff --git a/SOURCES/0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch b/SOURCES/0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch
new file mode 100644
index 0000000..d00fb18
--- /dev/null
+++ b/SOURCES/0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch
@@ -0,0 +1,181 @@
+From 69e1f5fe79806a530e90c8af09bedd3b9e6b4dac Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 10 Jul 2020 15:30:29 +0200
+Subject: [PATCH] GPO: respect ad_gpo_implicit_deny when evaluation rules
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently if setting ad_gpo_implicit_deny to 'True' is rejected access
+if no GPOs applied to the host since in this case there are obvious not
+allow rules available.
+
+But according to the man page we have to be more strict "When this
+option is set to True users will be allowed access only when explicitly
+allowed by a GPO rule". So if GPOs apply and no allow rules are present
+we have to reject access as well.
+
+Resolves: https://github.com/SSSD/sssd/issues/5061
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/man/sssd-ad.5.xml | 59 +++++++++++++++++++++++++++++++++++++++
+ src/providers/ad/ad_gpo.c | 13 +++++++--
+ 2 files changed, 69 insertions(+), 3 deletions(-)
+
+diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
+index 5c2f46546..fbd4985d7 100644
+--- a/src/man/sssd-ad.5.xml
++++ b/src/man/sssd-ad.5.xml
+@@ -477,9 +477,68 @@ DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,
+ built-in Administrators group if no GPO rules
+ apply to them.
+ </para>
++
+ <para>
+ Default: False
+ </para>
++
++ <para>
++ The following 2 tables should illustrate when a user
++ is allowed or rejected based on the allow and deny
++ login rights defined on the server-side and the
++ setting of ad_gpo_implicit_deny.
++ </para>
++ <informaltable frame='all'>
++ <tgroup cols='3'>
++ <colspec colname='c1' align='center'/>
++ <colspec colname='c2' align='center'/>
++ <colspec colname='c3' align='center'/>
++ <thead>
++ <row><entry namest='c1' nameend='c3' align='center'>
++ ad_gpo_implicit_deny = False (default)</entry></row>
++ <row><entry>allow-rules</entry><entry>deny-rules</entry>
++ <entry>results</entry></row>
++ </thead>
++ <tbody>
++ <row><entry>missing</entry><entry>missing</entry>
++ <entry><para>all users are allowed</para>
++ </entry></row>
++ <row><entry>missing</entry><entry>present</entry>
++ <entry><para>only users not in deny-rules are
++ allowed</para></entry></row>
++ <row><entry>present</entry><entry>missing</entry>
++ <entry><para>only users in allow-rules are
++ allowed</para></entry></row>
++ <row><entry>present</entry><entry>present</entry>
++ <entry><para>only users in allow-rules and not in
++ deny-rules are allowed</para></entry></row>
++ </tbody></tgroup></informaltable>
++
++ <informaltable frame='all'>
++ <tgroup cols='3'>
++ <colspec colname='c1' align='center'/>
++ <colspec colname='c2' align='center'/>
++ <colspec colname='c3' align='center'/>
++ <thead>
++ <row><entry namest='c1' nameend='c3' align='center'>
++ ad_gpo_implicit_deny = True</entry></row>
++ <row><entry>allow-rules</entry><entry>deny-rules</entry>
++ <entry>results</entry></row>
++ </thead>
++ <tbody>
++ <row><entry>missing</entry><entry>missing</entry>
++ <entry><para>no users are allowed</para>
++ </entry></row>
++ <row><entry>missing</entry><entry>present</entry>
++ <entry><para>no users are allowed</para>
++ </entry></row>
++ <row><entry>present</entry><entry>missing</entry>
++ <entry><para>only users in allow-rules are
++ allowed</para></entry></row>
++ <row><entry>present</entry><entry>present</entry>
++ <entry><para>only users in allow-rules and not in
++ deny-rules are allowed</para></entry></row>
++ </tbody></tgroup></informaltable>
+ </listitem>
+ </varlistentry>
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index 2c6aa7fa6..0cf5da2a1 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -1531,6 +1531,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
+ enum gpo_access_control_mode gpo_mode,
+ enum gpo_map_type gpo_map_type,
+ const char *user,
++ bool gpo_implicit_deny,
+ struct sss_domain_info *domain,
+ char **allowed_sids,
+ int allowed_size,
+@@ -1575,7 +1576,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
+ group_sids[j]);
+ }
+
+- if (allowed_size == 0) {
++ if (allowed_size == 0 && !gpo_implicit_deny) {
+ access_granted = true;
+ } else {
+ access_granted = check_rights(allowed_sids, allowed_size, user_sid,
+@@ -1694,6 +1695,7 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx,
+ enum gpo_access_control_mode gpo_mode,
+ enum gpo_map_type gpo_map_type,
+ const char *user,
++ bool gpo_implicit_deny,
+ struct sss_domain_info *user_domain,
+ struct sss_domain_info *host_domain)
+ {
+@@ -1732,8 +1734,8 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx,
+
+ /* perform access check with the final resultant allow_sids and deny_sids */
+ ret = ad_gpo_access_check(mem_ctx, gpo_mode, gpo_map_type, user,
+- user_domain, allow_sids, allow_size, deny_sids,
+- deny_size);
++ gpo_implicit_deny, user_domain,
++ allow_sids, allow_size, deny_sids, deny_size);
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+@@ -1918,6 +1920,7 @@ immediately:
+ static errno_t
+ process_offline_gpos(TALLOC_CTX *mem_ctx,
+ const char *user,
++ bool gpo_implicit_deny,
+ enum gpo_access_control_mode gpo_mode,
+ struct sss_domain_info *user_domain,
+ struct sss_domain_info *host_domain,
+@@ -1930,6 +1933,7 @@ process_offline_gpos(TALLOC_CTX *mem_ctx,
+ gpo_mode,
+ gpo_map_type,
+ user,
++ gpo_implicit_deny,
+ user_domain,
+ host_domain);
+ if (ret != EOK) {
+@@ -1976,6 +1980,7 @@ ad_gpo_connect_done(struct tevent_req *subreq)
+ DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");
+ ret = process_offline_gpos(state,
+ state->user,
++ state->gpo_implicit_deny,
+ state->gpo_mode,
+ state->user_domain,
+ state->host_domain,
+@@ -2102,6 +2107,7 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
+ DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");
+ ret = process_offline_gpos(state,
+ state->user,
++ state->gpo_implicit_deny,
+ state->gpo_mode,
+ state->user_domain,
+ state->host_domain,
+@@ -2766,6 +2772,7 @@ ad_gpo_cse_done(struct tevent_req *subreq)
+ state->gpo_mode,
+ state->gpo_map_type,
+ state->user,
++ state->gpo_implicit_deny,
+ state->user_domain,
+ state->host_domain);
+ if (ret != EOK) {
+--
+2.21.3
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index 52bd737..c74441a 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -8,12 +8,14 @@
%global install_pcscd_polkit_rule 1
+%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
+
# Determine the location of the LDB modules directory
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
%global ldb_version 1.2.0
%global enable_systemtap 1
- %global enable_systemtap_opt --enable-systemtap
+%global enable_systemtap_opt --enable-systemtap
%global libwbc_alternatives_version 0.14
%global libwbc_lib_version %{libwbc_alternatives_version}.0
@@ -23,8 +25,8 @@
%endif
Name: sssd
-Version: 2.2.3
-Release: 20%{?dist}
+Version: 2.3.0
+Release: 9%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -32,36 +34,50 @@ URL: https://pagure.io/SSSD/sssd/
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
### Patches ###
-Patch0001: 0001-INI-sssctl-config-check-command-error-messages.patch
-Patch0002: 0002-certmap-mention-special-regex-characters-in-man-page.patch
-Patch0003: 0003-ldap_child-do-not-try-PKINIT.patch
-Patch0004: 0004-util-watchdog-fixed-watchdog-implementation.patch
-Patch0005: 0005-providers-krb5-got-rid-of-unused-code.patch
-Patch0006: 0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch
-Patch0007: 0007-util-server-improved-debug-at-shutdown.patch
-Patch0008: 0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch
-Patch0009: 0009-sdap-Add-randomness-to-ldap-connection-timeout.patch
-Patch0010: 0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
-Patch0011: 0011-ad-add-ad_use_ldaps.patch
-Patch0012: 0012-ldap-add-new-option-ldap_sasl_maxssf.patch
-Patch0013: 0013-ad-set-min-and-max-ssf-for-ldaps.patch
-Patch0014: 0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
-Patch0015: 0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
-Patch0016: 0016-zanata-Pulled-new-translations.patch
-Patch0017: 0017-sbus_server-stylistic-rename.patch
-Patch0018: 0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch
-Patch0019: 0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch
-Patch0020: 0020-sss_ptr_hash-removed-redundant-check.patch
-Patch0021: 0021-sss_ptr_hash-fixed-memory-leak.patch
-Patch0022: 0022-sss_ptr_hash-internal-refactoring.patch
-Patch0023: 0023-TESTS-added-sss_ptr_hash-unit-test.patch
-Patch0024: 0024-p11_child-check-if-card-is-present-in-wait_for_card.patch
-Patch0025: 0025-PAM-client-only-require-UID-0-for-private-socket.patch
-Patch0026: 0026-ssh-do-not-mix-different-certificate-lists.patch
-Patch0027: 0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch
-Patch0028: 0028-Add-TCP-level-timeout-to-LDAP-services.patch
-Patch0029: 0029-sss_sockets-pass-pointer-instead-of-integer.patch
-Patch0030: 0030-ssh-fix-matching-rules-default.patch
+Patch0001: 0001-ad_gpo_ndr.c-more-ndr-updates.patch
+Patch0002: 0002-test-avoid-endian-issues-in-network-tests.patch
+Patch0003: 0003-sssctl-sssctl-config-check-alternative-config-file.patch
+Patch0004: 0004-DEBUG-only-open-child-process-log-files-when-require.patch
+Patch0005: 0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
+Patch0006: 0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
+Patch0007: 0007-util-inotify-fixed-CLANG_WARNING.patch
+Patch0008: 0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
+Patch0009: 0009-Replaced-enter-with-insert.patch
+Patch0010: 0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
+Patch0011: 0011-ipa-add-failover-to-subdomain-override-lookups.patch
+Patch0012: 0012-GPO-fix-link-order-in-a-SOM.patch
+Patch0013: 0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
+Patch0014: 0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
+Patch0015: 0015-sysdb-make-new_subdomain-public.patch
+Patch0016: 0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
+Patch0017: 0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
+Patch0018: 0018-ad-add-ad_check_domain_-send-recv.patch
+Patch0019: 0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
+Patch0020: 0020-man-Document-invalid-selinux-context-for-homedirs.patch
+Patch0021: 0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
+Patch0022: 0022-pam_sss-special-handling-for-gdm-smartcard.patch
+Patch0023: 0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
+Patch0024: 0024-systemtap-Missing-a-comma.patch
+Patch0025: 0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
+Patch0026: 0026-files-allow-root-membership.patch
+Patch0027: 0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
+Patch0028: 0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch
+Patch0029: 0029-NSS-make-memcache-size-configurable.patch
+Patch0030: 0030-NSS-avoid-excessive-log-messages.patch
+Patch0031: 0031-NSS-enhanced-debug-during-mem-cache-initialization.patch
+Patch0032: 0032-mem-cache-added-log-message-in-case-cache-is-full.patch
+Patch0033: 0033-NSS-make-memcache-size-configurable-in-megabytes.patch
+Patch0034: 0034-mem-cache-comment-added.patch
+Patch0035: 0035-mem-cache-always-cleanup-old-content.patch
+Patch0036: 0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch
+Patch0037: 0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch
+Patch0038: 0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch
+Patch0039: 0039-certmap-sanitize-LDAP-search-filter.patch
+Patch0040: 0040-AD-Enforcing-GPO-rule-restriction-on-user.patch
+Patch0041: 0041-man-clarify-AD-certificate-rule.patch
+Patch0042: 0042-config-allow-prompting-options-in-configuration.patch
+Patch0043: 0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch
+Patch0044: 0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch
### Downstream Patches ###
@@ -146,7 +162,7 @@ BuildRequires: systemd-devel
BuildRequires: systemd
BuildRequires: cifs-utils-devel
BuildRequires: libnfsidmap-devel
-BuildRequires: samba4-devel
+BuildRequires: samba-devel
BuildRequires: libsmbclient-devel
BuildRequires: samba-winbind
BuildRequires: systemtap-sdt-devel
@@ -202,6 +218,8 @@ sub-packages such as sssd-ldap.
Summary: SSSD Client libraries for NSS and PAM
Group: Applications/System
License: LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Requires(post): /usr/sbin/alternatives
@@ -236,6 +254,7 @@ Summary: Userspace tools for use with the SSSD
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
+Requires: libsss_simpleifp = %{version}-%{release}
# required by sss_obfuscate
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
@@ -292,6 +311,7 @@ License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch identity data
@@ -327,6 +347,7 @@ Summary: Common files needed for supporting PAC processing
Group: Applications/System
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
%description common-pac
Provides common files needed by SSSD providers such as IPA and Active Directory
@@ -337,11 +358,13 @@ Summary: The IPA back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
+Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
Recommends: bind-utils
Requires: sssd-common-pac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
Requires(pre): shadow-utils
%description ipa
@@ -353,9 +376,11 @@ Summary: The AD back end of the SSSD
Group: Applications/System
License: GPLv3+
Conflicts: sssd < 1.10.0-8.beta2
+Requires: samba-client-libs >= %{samba_package_version}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
Recommends: bind-utils
Recommends: adcli
Suggests: sssd-libwbclient = %{version}-%{release}
@@ -505,6 +530,7 @@ Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
Summary: The SSSD libwbclient implementation
Group: Applications/System
License: GPLv3+ and LGPLv3+
+Requires: libsss_nss_idmap = %{version}-%{release}
Conflicts: libwbclient < 4.2.0-0.2.rc2
Conflicts: sssd-common < %{version}-%{release}
@@ -526,6 +552,8 @@ Summary: SSSD's idmap_sss Backend for Winbind
Group: Applications/System
License: GPLv3+ and LGPLv3+
Conflicts: sssd-common < %{version}-%{release}
+Requires: libsss_nss_idmap = %{version}-%{release}
+Requires: libsss_idmap = %{version}-%{release}
%description winbind-idmap
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
@@ -627,6 +655,7 @@ autoreconf -ivf
make %{?_smp_mflags} all docs
make -C po ja.gmo
make -C po fr.gmo
+make -C po zh_CN.po
%check
export CK_TIMEOUT_MULTIPLIER=10
@@ -848,8 +877,6 @@ done
%{_libdir}/%{name}/conf/sssd.conf
%{_datadir}/sssd/cfg_rules.ini
-%{_datadir}/sssd/sssd.api.conf
-%{_datadir}/sssd/sssd.api.d
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
%{_mandir}/man5/sssd.conf.5*
@@ -991,6 +1018,9 @@ done
%{python3_sitelib}/SSSDConfig/*.py*
%dir %{python3_sitelib}/SSSDConfig/__pycache__
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
+%dir %{_datadir}/sssd
+%{_datadir}/sssd/sssd.api.conf
+%{_datadir}/sssd/sssd.api.d
%files -n python3-sss
%defattr(-,root,root,-)
@@ -1220,6 +1250,58 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so
%changelog
+* Mon Sep 14 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-9
+- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied
+
+* Fri Aug 21 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-8
+- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working
+- Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema
+- Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf
+- Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1
+
+* Fri Aug 07 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-7
+- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
+- Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter
+
+* Fri Jul 24 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-6
+- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization
+
+* Mon Jul 20 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-5
+- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache
+- Fixed "requires/provides" rpmdiff warning
+
+* Thu Jul 02 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-4
+- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication
+- Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider
+- Resolves: rhbz#1803134 - Improve "unlock" time when user session already active
+
+* Fri Jun 26 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-3
+- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package
+- Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP
+- Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache
+- Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for
+ inotify events, and no updates are triggered
+- Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card"
+ on GDM login with smart-card
+- Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat
+- Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network.
+- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management
+- Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest
+ if LDAP entries do not contain AD forest root information
+- Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories
+ in SSSD-AD direct integration.
+- Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card
+- Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False
+- Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma
+
+* Thu Jun 11 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-2
+- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
+
+* Mon Jun 08 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-1
+- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3
+- Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure
+- Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working
+
* Mon Mar 16 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-19
- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard
certificate EKU and perform an action based