diff --git a/.gitignore b/.gitignore
index 5e4ac2c..56d81dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/sssd-2.3.0.tar.gz
+SOURCES/sssd-2.4.0.tar.gz
diff --git a/.sssd.metadata b/.sssd.metadata
index 1dea3e7..54e9039 100644
--- a/.sssd.metadata
+++ b/.sssd.metadata
@@ -1 +1 @@
-61b8704c33ea80104fa9d94017c704e333c3c552 SOURCES/sssd-2.3.0.tar.gz
+abcf616bf894d54623bf2541afdc7018e5d150aa SOURCES/sssd-2.4.0.tar.gz
diff --git a/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch b/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch
deleted file mode 100644
index 52ba2f4..0000000
--- a/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From a7c755672cd277497da3df4714f6d9457b6ac5ae Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 28 May 2020 15:02:43 +0200
-Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch add another update to the ndr code which was previously
-updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
-1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
-
-As missing update in ndr_pull_security_ace() cased
-a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
-added to prevent similar issues in future.
-
-Resolves: https://github.com/SSSD/sssd/issues/5183
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_gpo_ndr.c | 1 +
- src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
- 2 files changed, 58 insertions(+)
-
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index acd7b77c8..71d6d40f2 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
- ndr->offset += pad;
- }
- if (ndr_flags & NDR_BUFFERS) {
-+ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
- NDR_CHECK(ndr_pull_security_ace_object_ctr
- (ndr, NDR_BUFFERS, &r->object));
- }
-diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
-index 97f70408a..d1f7a6915 100644
---- a/src/tests/cmocka/test_ad_gpo.c
-+++ b/src/tests/cmocka/test_ad_gpo.c
-@@ -347,6 +347,60 @@ void test_ad_gpo_ace_includes_host_sid_true(void **state)
- group_size, ace_dom_sid, true);
- }
-
-+uint8_t test_sid_data[] = {
-+0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
-+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
-+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
-+0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-+0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
-+0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
-+0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
-+0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
-+0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
-+0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
-+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
-+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
-+0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
-+0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
-+0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
-+0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
-+0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
-+0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-+0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
-+0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
-+};
-+
-+void test_ad_gpo_parse_sd(void **state)
-+{
-+ int ret;
-+ struct security_descriptor *sd = NULL;
-+
-+ ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
-+ assert_int_equal(ret, EINVAL);
-+
-+ ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
-+ assert_int_equal(ret, EOK);
-+ assert_non_null(sd);
-+ assert_int_equal(sd->revision, 1);
-+ assert_int_equal(sd->type, 39940);
-+ assert_null(sd->owner_sid);
-+ assert_null(sd->group_sid);
-+ assert_null(sd->sacl);
-+ assert_non_null(sd->dacl);
-+ assert_int_equal(sd->dacl->revision, 4);
-+ assert_int_equal(sd->dacl->size, 308);
-+ assert_int_equal(sd->dacl->num_aces, 10);
-+ assert_int_equal(sd->dacl->aces[0].type, 0);
-+ assert_int_equal(sd->dacl->aces[0].flags, 0);
-+ assert_int_equal(sd->dacl->aces[0].size, 36);
-+ assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
-+ /* There are more components and ACEs in the security_descriptor struct
-+ * which are not checked here. */
-+
-+ talloc_free(sd);
-+}
-+
- int main(int argc, const char *argv[])
- {
- poptContext pc;
-@@ -385,6 +439,9 @@ int main(int argc, const char *argv[])
- cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_host_sid_true,
- ad_gpo_test_setup,
- ad_gpo_test_teardown),
-+ cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
-+ ad_gpo_test_setup,
-+ ad_gpo_test_teardown),
- };
-
- /* Set debug level to invalid value so we can decide if -d 0 was used. */
---
-2.21.1
-
diff --git a/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch b/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch
deleted file mode 100644
index 9a6d266..0000000
--- a/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 532b75c937d767caf60bb00f1a525ae7f6c70cc6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Wed, 20 May 2020 12:07:13 +0200
-Subject: [PATCH] test: avoid endian issues in network tests
-
-Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
----
- src/tests/cmocka/test_nss_srv.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
-index 2c91d0a23..3cd7809cf 100644
---- a/src/tests/cmocka/test_nss_srv.c
-+++ b/src/tests/cmocka/test_nss_srv.c
-@@ -35,6 +35,7 @@
- #include "util/util_sss_idmap.h"
- #include "util/crypto/sss_crypto.h"
- #include "util/crypto/nss/nss_util.h"
-+#include "util/sss_endian.h"
- #include "db/sysdb_private.h" /* new_subdomain() */
- #include "db/sysdb_iphosts.h"
- #include "db/sysdb_ipnetworks.h"
-@@ -5308,7 +5309,13 @@ struct netent test_netent = {
- .n_name = discard_const("test_network"),
- .n_aliases = discard_const(test_netent_aliases),
- .n_addrtype = AF_INET,
-+#if (__BYTE_ORDER == __LITTLE_ENDIAN)
- .n_net = 0x04030201 /* 1.2.3.4 */
-+#elif (__BYTE_ORDER == __BIG_ENDIAN)
-+ .n_net = 0x01020304 /* 1.2.3.4 */
-+#else
-+ #error "unknow endianess"
-+#endif
- };
-
- static void mock_input_netbyname(const char *name)
---
-2.21.1
-
diff --git a/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch b/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch
deleted file mode 100644
index 9934c57..0000000
--- a/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From 61f4aaa56ea876fb75c1366c938818b7799408ab Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Wed, 29 Apr 2020 16:40:36 +0200
-Subject: [PATCH] sssctl: sssctl config-check alternative config file
-
-The sssctl config-check now allows to specify alternative config
-file so it can be tested before rewriting system configuration.
-
- sssctl config-check -c ./sssd.conf
-
-Configuration snippets are looked up in the same place under
-conf.d directory. It would be in ./conf.d/ for the example above.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5142
-
-Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
----
- src/confdb/confdb.h | 6 ++--
- src/tools/sssctl/sssctl_config.c | 56 ++++++++++++++++++++++++++++----
- 2 files changed, 53 insertions(+), 9 deletions(-)
-
-diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
-index 0a5593232..a2b58e12a 100644
---- a/src/confdb/confdb.h
-+++ b/src/confdb/confdb.h
-@@ -40,8 +40,10 @@
-
- #define CONFDB_DEFAULT_CFG_FILE_VER 2
- #define CONFDB_FILE "config.ldb"
--#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
--#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/conf.d"
-+#define SSSD_CONFIG_FILE_NAME "sssd.conf"
-+#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
-+#define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"
-+#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
- #define SSSD_MIN_ID 1
- #define SSSD_LOCAL_MINID 1000
- #define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh"
-diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
-index 74395b61c..de9f3de6e 100644
---- a/src/tools/sssctl/sssctl_config.c
-+++ b/src/tools/sssctl/sssctl_config.c
-@@ -34,6 +34,29 @@
-
-
- #ifdef HAVE_LIBINI_CONFIG_V1_3
-+
-+static char *sssctl_config_snippet_path(TALLOC_CTX *ctx, const char *path)
-+{
-+ char *tmp = NULL;
-+ const char delimiter = '/';
-+ char *dpos = NULL;
-+
-+ tmp = talloc_strdup(ctx, path);
-+ if (!tmp) {
-+ return NULL;
-+ }
-+
-+ dpos = strrchr(tmp, delimiter);
-+ if (dpos != NULL) {
-+ ++dpos;
-+ *dpos = '\0';
-+ } else {
-+ *tmp = '\0';
-+ }
-+
-+ return talloc_strdup_append(tmp, CONFDB_DEFAULT_CONFIG_DIR_NAME);
-+}
-+
- errno_t sssctl_config_check(struct sss_cmdline *cmdline,
- struct sss_tool_ctx *tool_ctx,
- void *pvt)
-@@ -47,8 +70,15 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
- size_t num_ra_error, num_ra_success;
- char **strs = NULL;
- TALLOC_CTX *tmp_ctx = NULL;
--
-- ret = sss_tool_popt(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL);
-+ const char *config_path = NULL;
-+ const char *config_snippet_path = NULL;
-+ struct poptOption long_options[] = {
-+ {"config", 'c', POPT_ARG_STRING, &config_path,
-+ 0, _("Specify a non-default config file"), NULL},
-+ POPT_TABLEEND
-+ };
-+
-+ ret = sss_tool_popt(cmdline, long_options, SSS_TOOL_OPT_OPTIONAL, NULL, NULL);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse command arguments\n");
- return ret;
-@@ -62,17 +92,29 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
- goto done;
- }
-
-+ if (config_path != NULL) {
-+ config_snippet_path = sssctl_config_snippet_path(tmp_ctx, config_path);
-+ if (config_snippet_path == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create snippet path\n");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ } else {
-+ config_path = SSSD_CONFIG_FILE;
-+ config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
-+ }
-+
- ret = sss_ini_read_sssd_conf(init_data,
-- SSSD_CONFIG_FILE,
-- CONFDB_DEFAULT_CONFIG_DIR);
-+ config_path,
-+ config_snippet_path);
-
- if (ret == ERR_INI_OPEN_FAILED) {
-- PRINT("Failed to open %s\n", SSSD_CONFIG_FILE);
-+ PRINT("Failed to open %s\n", config_path);
- goto done;
- }
-
- if (!sss_ini_exists(init_data)) {
-- PRINT("File %1$s does not exist.\n", SSSD_CONFIG_FILE);
-+ PRINT("File %1$s does not exist.\n", config_path);
- }
-
- if (ret == ERR_INI_INVALID_PERMISSION) {
-@@ -83,7 +125,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
-
- if (ret == ERR_INI_PARSE_FAILED) {
- PRINT("Failed to load configuration from %s.\n",
-- SSSD_CONFIG_FILE);
-+ config_path);
- goto done;
- }
-
---
-2.21.1
-
diff --git a/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch b/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch
deleted file mode 100644
index 00814b7..0000000
--- a/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch
+++ /dev/null
@@ -1,664 +0,0 @@
-From 375887543daf26003ff7d900cf6a69d0c0b58523 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 27 May 2020 22:33:50 +0200
-Subject: [PATCH] DEBUG: only open child process log files when required
-
-There was no reason to keep child process log files open permanently.
-
-This patch:
- - helps to avoid issue when SIGHUP was ignored for child process logs;
- - somewhat reduces code duplication.
-
-Resolves: https://github.com/SSSD/sssd/issues/4667
-
-Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
----
- src/providers/ad/ad_gpo.c | 17 +++--------------
- src/providers/ad/ad_init.c | 7 -------
- src/providers/ad/ad_machine_pw_renewal.c | 2 +-
- src/providers/ipa/ipa_init.c | 7 -------
- src/providers/ipa/ipa_selinux.c | 17 +----------------
- src/providers/krb5/krb5_child_handler.c | 2 +-
- src/providers/krb5/krb5_common.h | 1 -
- src/providers/krb5/krb5_init_shared.c | 8 --------
- src/providers/ldap/ldap_common.c | 3 ---
- src/providers/ldap/ldap_common.h | 6 ------
- src/providers/ldap/ldap_init.c | 7 -------
- src/providers/ldap/sdap_child_helpers.c | 10 +---------
- src/responder/pam/pamsrv.c | 1 -
- src/responder/pam/pamsrv.h | 2 --
- src/responder/pam/pamsrv_cmd.c | 2 +-
- src/responder/pam/pamsrv_p11.c | 9 ++-------
- src/responder/ssh/ssh_private.h | 1 -
- src/responder/ssh/ssh_reply.c | 4 ++--
- src/responder/ssh/sshsrv.c | 10 ----------
- src/tests/cmocka/test_cert_utils.c | 12 ++++++------
- src/util/cert.h | 2 +-
- src/util/cert/cert_common_p11_child.c | 9 ++++-----
- src/util/child_common.c | 21 +++++++++++++++++----
- src/util/child_common.h | 6 ++----
- 24 files changed, 42 insertions(+), 124 deletions(-)
-
-diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
-index f17917552..bbe8d8a1e 100644
---- a/src/providers/ad/ad_gpo.c
-+++ b/src/providers/ad/ad_gpo.c
-@@ -99,15 +99,14 @@
- #define GPO_CHILD SSSD_LIBEXEC_PATH"/gpo_child"
- #endif
-
-+#define GPO_CHILD_LOG_FILE "gpo_child"
-+
- /* If INI_PARSE_IGNORE_NON_KVP is not defined, use 0 (no effect) */
- #ifndef INI_PARSE_IGNORE_NON_KVP
- #define INI_PARSE_IGNORE_NON_KVP 0
- #warning INI_PARSE_IGNORE_NON_KVP not defined.
- #endif
-
--/* fd used by the gpo_child process for logging */
--int gpo_child_debug_fd = -1;
--
- /* == common data structures and declarations ============================= */
-
- struct gp_som {
-@@ -1618,13 +1617,6 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
- return ret;
- }
-
--#define GPO_CHILD_LOG_FILE "gpo_child"
--
--static errno_t gpo_child_init(void)
--{
-- return child_debug_init(GPO_CHILD_LOG_FILE, &gpo_child_debug_fd);
--}
--
- /*
- * This function retrieves the raw policy_setting_value for the input key from
- * the GPO_Result object in the sysdb cache. It then parses the raw value and
-@@ -1808,9 +1800,6 @@ ad_gpo_access_send(TALLOC_CTX *mem_ctx,
- hash_value_t val;
- enum gpo_map_type gpo_map_type;
-
-- /* setup logging for gpo child */
-- gpo_child_init();
--
- req = tevent_req_create(mem_ctx, &state, struct ad_gpo_access_state);
- if (req == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
-@@ -4763,7 +4752,7 @@ gpo_fork_child(struct tevent_req *req)
- if (pid == 0) { /* child */
- exec_child_ex(state,
- pipefd_to_child, pipefd_from_child,
-- GPO_CHILD, gpo_child_debug_fd, NULL, false,
-+ GPO_CHILD, GPO_CHILD_LOG_FILE, NULL, false,
- STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO);
-
- /* We should never get here */
-diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
-index 05535fcb0..704e63a06 100644
---- a/src/providers/ad/ad_init.c
-+++ b/src/providers/ad/ad_init.c
-@@ -402,13 +402,6 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx,
-
- sdap_id_ctx->opts->sdom->pvt = ad_id_ctx;
-
-- ret = sdap_setup_child();
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "sdap_setup_child() failed [%d]: %s\n",
-- ret, sss_strerror(ret));
-- return ret;
-- }
--
- ret = ad_init_srv_plugin(be_ctx, ad_options);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup SRV plugin [%d]: %s\n",
-diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c
-index e0db5fad5..ce9bbe6f3 100644
---- a/src/providers/ad/ad_machine_pw_renewal.c
-+++ b/src/providers/ad/ad_machine_pw_renewal.c
-@@ -185,7 +185,7 @@ ad_machine_account_password_renewal_send(TALLOC_CTX *mem_ctx,
- child_pid = fork();
- if (child_pid == 0) { /* child */
- exec_child_ex(state, pipefd_to_child, pipefd_from_child,
-- renewal_data->prog_path, -1,
-+ renewal_data->prog_path, NULL,
- extra_args, true,
- STDIN_FILENO, STDERR_FILENO);
-
-diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
-index cdfd11d7a..d8d592653 100644
---- a/src/providers/ipa/ipa_init.c
-+++ b/src/providers/ipa/ipa_init.c
-@@ -571,13 +571,6 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx,
- return ret;
- }
-
-- ret = sdap_setup_child();
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n",
-- ret, sss_strerror(ret));
-- return ret;
-- }
--
- if (dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE)) {
- ret = ipa_init_server_mode(be_ctx, ipa_options, ipa_id_ctx);
- if (ret != EOK) {
-diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
-index 630f68ad5..9ae37b90d 100644
---- a/src/providers/ipa/ipa_selinux.c
-+++ b/src/providers/ipa/ipa_selinux.c
-@@ -51,9 +51,6 @@
-
- #include <selinux/selinux.h>
-
--/* fd used by the selinux_child process for logging */
--int selinux_child_debug_fd = -1;
--
- static struct tevent_req *
- ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
- struct be_ctx *be_ctx,
-@@ -565,7 +562,6 @@ struct selinux_child_state {
- struct child_io_fds *io;
- };
-
--static errno_t selinux_child_init(void);
- static errno_t selinux_child_create_buffer(struct selinux_child_state *state);
- static errno_t selinux_fork_child(struct selinux_child_state *state);
- static void selinux_child_step(struct tevent_req *subreq);
-@@ -602,12 +598,6 @@ static struct tevent_req *selinux_child_send(TALLOC_CTX *mem_ctx,
- state->io->read_from_child_fd = -1;
- talloc_set_destructor((void *) state->io, child_io_destructor);
-
-- ret = selinux_child_init();
-- if (ret != EOK) {
-- DEBUG(SSSDBG_OP_FAILURE, "Failed to init the child\n");
-- goto immediately;
-- }
--
- ret = selinux_child_create_buffer(state);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "Failed to create the send buffer\n");
-@@ -638,11 +628,6 @@ immediately:
- return req;
- }
-
--static errno_t selinux_child_init(void)
--{
-- return child_debug_init(SELINUX_CHILD_LOG_FILE, &selinux_child_debug_fd);
--}
--
- static errno_t selinux_child_create_buffer(struct selinux_child_state *state)
- {
- size_t rp;
-@@ -712,7 +697,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
-
- if (pid == 0) { /* child */
- exec_child(state, pipefd_to_child, pipefd_from_child,
-- SELINUX_CHILD, selinux_child_debug_fd);
-+ SELINUX_CHILD, SELINUX_CHILD_LOG_FILE);
- DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
- ret, sss_strerror(ret));
- return ret;
-diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
-index b7fb54499..8546285b2 100644
---- a/src/providers/krb5/krb5_child_handler.c
-+++ b/src/providers/krb5/krb5_child_handler.c
-@@ -465,7 +465,7 @@ static errno_t fork_child(struct tevent_req *req)
- if (pid == 0) { /* child */
- exec_child_ex(state,
- pipefd_to_child, pipefd_from_child,
-- KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd,
-+ KRB5_CHILD, KRB5_CHILD_LOG_FILE,
- krb5_child_extra_args, false,
- STDIN_FILENO, STDOUT_FILENO);
-
-diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
-index 493d12e5f..f198e2684 100644
---- a/src/providers/krb5/krb5_common.h
-+++ b/src/providers/krb5/krb5_common.h
-@@ -124,7 +124,6 @@ struct krb5_ctx {
- struct dp_option *opts;
- struct krb5_service *service;
- struct krb5_service *kpasswd_service;
-- int child_debug_fd;
-
- sss_regexp_t *illegal_path_re;
-
-diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
-index afe15b365..ea3d32805 100644
---- a/src/providers/krb5/krb5_init_shared.c
-+++ b/src/providers/krb5/krb5_init_shared.c
-@@ -71,14 +71,6 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
- goto done;
- }
-
-- krb5_auth_ctx->child_debug_fd = -1; /* -1 means not initialized */
-- ret = child_debug_init(KRB5_CHILD_LOG_FILE,
-- &krb5_auth_ctx->child_debug_fd);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n");
-- goto done;
-- }
--
- ret = parse_krb5_map_user(krb5_auth_ctx,
- dp_opt_get_cstring(krb5_auth_ctx->opts,
- KRB5_MAP_USER),
-diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
-index 9d7806a2f..2133db36f 100644
---- a/src/providers/ldap/ldap_common.c
-+++ b/src/providers/ldap/ldap_common.c
-@@ -35,9 +35,6 @@
-
- #include "providers/ldap/sdap_idmap.h"
-
--/* a fd the child process would log into */
--int ldap_child_debug_fd = -1;
--
- errno_t ldap_id_setup_tasks(struct sdap_id_ctx *ctx)
- {
- return sdap_id_setup_tasks(ctx->be, ctx, ctx->opts->sdom,
-diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
-index 63ee5dd84..13e6d4871 100644
---- a/src/providers/ldap/ldap_common.h
-+++ b/src/providers/ldap/ldap_common.h
-@@ -44,9 +44,6 @@
-
- #define LDAP_ENUM_PURGE_TIMEOUT 10800
-
--/* a fd the child process would log into */
--extern int ldap_child_debug_fd;
--
- struct sdap_id_ctx;
-
- struct sdap_id_conn_ctx {
-@@ -342,9 +339,6 @@ sdap_ipnetwork_handler_recv(TALLOC_CTX *mem_ctx,
- struct tevent_req *req,
- struct dp_reply_std *data);
-
--/* setup child logging */
--int sdap_setup_child(void);
--
-
- errno_t string_to_shadowpw_days(const char *s, long *d);
-
-diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
-index 1be5d13de..de64e5985 100644
---- a/src/providers/ldap/ldap_init.c
-+++ b/src/providers/ldap/ldap_init.c
-@@ -419,13 +419,6 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx,
- return ret;
- }
-
-- ret = sdap_setup_child();
-- if (ret != EOK) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n",
-- ret, sss_strerror(ret));
-- return ret;
-- }
--
- /* Setup SRV lookup plugin */
- ret = be_fo_set_dns_srv_lookup_plugin(be_ctx, NULL);
- if (ret != EOK) {
-diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
-index a03d28c9c..9d25aea8b 100644
---- a/src/providers/ldap/sdap_child_helpers.c
-+++ b/src/providers/ldap/sdap_child_helpers.c
-@@ -111,7 +111,7 @@ static errno_t sdap_fork_child(struct tevent_context *ev,
- if (pid == 0) { /* child */
- exec_child(child,
- pipefd_to_child, pipefd_from_child,
-- LDAP_CHILD, ldap_child_debug_fd);
-+ LDAP_CHILD, LDAP_CHILD_LOG_FILE);
-
- /* We should never get here */
- DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec LDAP child\n");
-@@ -512,11 +512,3 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req,
-
- return EOK;
- }
--
--
--
--/* Setup child logging */
--int sdap_setup_child(void)
--{
-- return child_debug_init(LDAP_CHILD_LOG_FILE, &ldap_child_debug_fd);
--}
-diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
-index a4c9ebbbb..dde44a472 100644
---- a/src/responder/pam/pamsrv.c
-+++ b/src/responder/pam/pamsrv.c
-@@ -277,7 +277,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- pctx->p11_child_debug_fd = -1;
- if (pctx->cert_auth) {
- ret = p11_child_init(pctx);
- if (ret != EOK) {
-diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
-index 24bd9764d..478d91b93 100644
---- a/src/responder/pam/pamsrv.h
-+++ b/src/responder/pam/pamsrv.h
-@@ -54,7 +54,6 @@ struct pam_ctx {
- char **app_services;
-
- bool cert_auth;
-- int p11_child_debug_fd;
- char *nss_db;
- struct sss_certmap_ctx *sss_certmap_ctx;
- char **smartcard_services;
-@@ -110,7 +109,6 @@ void sss_cai_check_users(struct cert_auth_info **list, size_t *_cert_count,
-
- struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
-- int child_debug_fd,
- const char *nss_db,
- time_t timeout,
- const char *verify_opts,
-diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
-index ddde9eda2..1cd901f15 100644
---- a/src/responder/pam/pamsrv_cmd.c
-+++ b/src/responder/pam/pamsrv_cmd.c
-@@ -1404,7 +1404,7 @@ static errno_t check_cert(TALLOC_CTX *mctx,
- return ret;
- }
-
-- req = pam_check_cert_send(mctx, ev, pctx->p11_child_debug_fd,
-+ req = pam_check_cert_send(mctx, ev,
- pctx->nss_db, p11_child_timeout,
- cert_verification_opts, pctx->sss_certmap_ctx,
- uri, pd);
-diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
-index 8e276b200..3f0afaeff 100644
---- a/src/responder/pam/pamsrv_p11.c
-+++ b/src/responder/pam/pamsrv_p11.c
-@@ -242,7 +242,7 @@ errno_t p11_child_init(struct pam_ctx *pctx)
- return ret;
- }
-
-- return child_debug_init(P11_CHILD_LOG_FILE, &pctx->p11_child_debug_fd);
-+ return EOK;
- }
-
- static inline bool
-@@ -705,7 +705,6 @@ static void p11_child_timeout(struct tevent_context *ev,
-
- struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
-- int child_debug_fd,
- const char *nss_db,
- time_t timeout,
- const char *verify_opts,
-@@ -838,14 +837,10 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- if (child_debug_fd == -1) {
-- child_debug_fd = STDERR_FILENO;
-- }
--
- child_pid = fork();
- if (child_pid == 0) { /* child */
- exec_child_ex(state, pipefd_to_child, pipefd_from_child,
-- P11_CHILD_PATH, child_debug_fd, extra_args, false,
-+ P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
- STDIN_FILENO, STDOUT_FILENO);
-
- /* We should never get here */
-diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h
-index 028ccd616..5aa7e37d6 100644
---- a/src/responder/ssh/ssh_private.h
-+++ b/src/responder/ssh/ssh_private.h
-@@ -36,7 +36,6 @@ struct ssh_ctx {
- char *ca_db;
- bool use_cert_keys;
-
-- int p11_child_debug_fd;
- time_t certmap_last_read;
- struct sss_certmap_ctx *sss_certmap_ctx;
- char **cert_rules;
-diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
-index 97914266d..edeb28765 100644
---- a/src/responder/ssh/ssh_reply.c
-+++ b/src/responder/ssh/ssh_reply.c
-@@ -249,7 +249,7 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx,
- : state->user_cert_override;
-
- subreq = cert_to_ssh_key_send(state, state->ev,
-- state->ssh_ctx->p11_child_debug_fd,
-+ P11_CHILD_LOG_FILE,
- state->p11_child_timeout,
- state->ssh_ctx->ca_db,
- state->ssh_ctx->sss_certmap_ctx,
-@@ -335,7 +335,7 @@ void ssh_get_output_keys_done(struct tevent_req *subreq)
- goto done;
- }
-
-- subreq = cert_to_ssh_key_send(state, state->ev, -1,
-+ subreq = cert_to_ssh_key_send(state, state->ev, NULL,
- state->p11_child_timeout,
- state->ssh_ctx->ca_db,
- state->ssh_ctx->sss_certmap_ctx,
-diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
-index 7765e91b8..6072a702c 100644
---- a/src/responder/ssh/sshsrv.c
-+++ b/src/responder/ssh/sshsrv.c
-@@ -126,16 +126,6 @@ int ssh_process_init(TALLOC_CTX *mem_ctx,
- goto fail;
- }
-
-- ssh_ctx->p11_child_debug_fd = -1;
-- if (ssh_ctx->use_cert_keys) {
-- ret = child_debug_init(P11_CHILD_LOG_FILE,
-- &ssh_ctx->p11_child_debug_fd);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Failed to setup p11_child logging, ignored.\n");
-- }
-- }
--
- ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
-diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
-index 848ed1a8d..1ff20576a 100644
---- a/src/tests/cmocka/test_cert_utils.c
-+++ b/src/tests/cmocka/test_cert_utils.c
-@@ -391,7 +391,7 @@ void test_cert_to_ssh_key_send(void **state)
- ev = tevent_context_init(ts);
- assert_non_null(ev);
-
-- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
- #ifdef HAVE_NSS
- "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
- #else
-@@ -465,7 +465,7 @@ void test_cert_to_ssh_2keys_send(void **state)
- ev = tevent_context_init(ts);
- assert_non_null(ev);
-
-- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
- #ifdef HAVE_NSS
- "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
- #else
-@@ -548,7 +548,7 @@ void test_cert_to_ssh_2keys_invalid_send(void **state)
- ev = tevent_context_init(ts);
- assert_non_null(ev);
-
-- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
- #ifdef HAVE_NSS
- "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
- #else
-@@ -614,7 +614,7 @@ void test_ec_cert_to_ssh_key_send(void **state)
- ev = tevent_context_init(ts);
- assert_non_null(ev);
-
-- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
- #ifdef HAVE_NSS
- "sql:" ABS_BUILD_DIR "/src/tests/test_ECC_CA/p11_ecc_nssdb",
- #else
-@@ -691,7 +691,7 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state)
- ev = tevent_context_init(ts);
- assert_non_null(ev);
-
-- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
- #ifdef HAVE_NSS
- "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
- #else
-@@ -769,7 +769,7 @@ void test_cert_to_ssh_2keys_with_certmap_2_send(void **state)
- ev = tevent_context_init(ts);
- assert_non_null(ev);
-
-- req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+ req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
- #ifdef HAVE_NSS
- "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
- #else
-diff --git a/src/util/cert.h b/src/util/cert.h
-index d038a99f6..16dda37b3 100644
---- a/src/util/cert.h
-+++ b/src/util/cert.h
-@@ -57,7 +57,7 @@ errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
-
- struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
-- int child_debug_fd, time_t timeout,
-+ const char *logfile, time_t timeout,
- const char *ca_db,
- struct sss_certmap_ctx *sss_certmap_ctx,
- size_t cert_count,
-diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c
-index 1846ff89a..18a331f23 100644
---- a/src/util/cert/cert_common_p11_child.c
-+++ b/src/util/cert/cert_common_p11_child.c
-@@ -24,7 +24,7 @@
-
- struct cert_to_ssh_key_state {
- struct tevent_context *ev;
-- int child_debug_fd;
-+ const char *logfile;
- time_t timeout;
- const char **extra_args;
- const char **certs;
-@@ -45,7 +45,7 @@ static void cert_to_ssh_key_done(int child_status,
-
- struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
-- int child_debug_fd, time_t timeout,
-+ const char *logfile, time_t timeout,
- const char *ca_db,
- struct sss_certmap_ctx *sss_certmap_ctx,
- size_t cert_count,
-@@ -70,8 +70,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
- }
-
- state->ev = ev;
-- state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO
-- : child_debug_fd;
-+ state->logfile = logfile;
- state->timeout = timeout;
- state->io = talloc(state, struct child_io_fds);
- if (state->io == NULL) {
-@@ -205,7 +204,7 @@ static errno_t cert_to_ssh_key_step(struct tevent_req *req)
- child_pid = fork();
- if (child_pid == 0) { /* child */
- exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
-- state->child_debug_fd, state->extra_args, false,
-+ state->logfile, state->extra_args, false,
- STDIN_FILENO, STDOUT_FILENO);
- /* We should never get here */
- DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
-diff --git a/src/util/child_common.c b/src/util/child_common.c
-index 3a07580c2..5cac725ca 100644
---- a/src/util/child_common.c
-+++ b/src/util/child_common.c
-@@ -47,6 +47,8 @@ struct sss_child_ctx {
- struct sss_sigchild_ctx *sigchld_ctx;
- };
-
-+static errno_t child_debug_init(const char *logfile, int *debug_fd);
-+
- static void sss_child_handler(struct tevent_context *ev,
- struct tevent_signal *se,
- int signum,
-@@ -725,13 +727,24 @@ fail:
-
- void exec_child_ex(TALLOC_CTX *mem_ctx,
- int *pipefd_to_child, int *pipefd_from_child,
-- const char *binary, int debug_fd,
-+ const char *binary, const char *logfile,
- const char *extra_argv[], bool extra_args_only,
- int child_in_fd, int child_out_fd)
- {
- int ret;
- errno_t err;
- char **argv;
-+ int debug_fd = -1;
-+
-+ if (logfile) {
-+ ret = child_debug_init(logfile, &debug_fd);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "child_debug_init() failed.\n");
-+ exit(EXIT_FAILURE);
-+ }
-+ } else {
-+ debug_fd = STDERR_FILENO;
-+ }
-
- close(pipefd_to_child[1]);
- ret = dup2(pipefd_to_child[0], child_in_fd);
-@@ -767,10 +780,10 @@ void exec_child_ex(TALLOC_CTX *mem_ctx,
-
- void exec_child(TALLOC_CTX *mem_ctx,
- int *pipefd_to_child, int *pipefd_from_child,
-- const char *binary, int debug_fd)
-+ const char *binary, const char *logfile)
- {
- exec_child_ex(mem_ctx, pipefd_to_child, pipefd_from_child,
-- binary, debug_fd, NULL, false,
-+ binary, logfile, NULL, false,
- STDIN_FILENO, STDOUT_FILENO);
- }
-
-@@ -803,7 +816,7 @@ int child_io_destructor(void *ptr)
- return EOK;
- }
-
--errno_t child_debug_init(const char *logfile, int *debug_fd)
-+static errno_t child_debug_init(const char *logfile, int *debug_fd)
- {
- int ret;
- FILE *debug_filep;
-diff --git a/src/util/child_common.h b/src/util/child_common.h
-index 37116e2a7..92d66a500 100644
---- a/src/util/child_common.h
-+++ b/src/util/child_common.h
-@@ -106,7 +106,7 @@ void fd_nonblocking(int fd);
- /* Never returns EOK, ether returns an error, or doesn't return on success */
- void exec_child_ex(TALLOC_CTX *mem_ctx,
- int *pipefd_to_child, int *pipefd_from_child,
-- const char *binary, int debug_fd,
-+ const char *binary, const char *logfile,
- const char *extra_argv[], bool extra_args_only,
- int child_in_fd, int child_out_fd);
-
-@@ -115,10 +115,8 @@ void exec_child_ex(TALLOC_CTX *mem_ctx,
- */
- void exec_child(TALLOC_CTX *mem_ctx,
- int *pipefd_to_child, int *pipefd_from_child,
-- const char *binary, int debug_fd);
-+ const char *binary, const char *logfile);
-
- int child_io_destructor(void *ptr);
-
--errno_t child_debug_init(const char *logfile, int *debug_fd);
--
- #endif /* __CHILD_COMMON_H__ */
---
-2.21.3
-
diff --git a/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch b/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
deleted file mode 100644
index f1dc851..0000000
--- a/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From e58853f9ce63fae0c8b219b79be65c760a2f3e7e Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 5 Jun 2020 13:57:59 +0200
-Subject: [PATCH] DEBUG: use new exec_child(_ex) interface in tests
-
-Resolves: https://github.com/SSSD/sssd/issues/4667
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/tests/cmocka/test_child_common.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c
-index 5cf460b50..87cae3405 100644
---- a/src/tests/cmocka/test_child_common.c
-+++ b/src/tests/cmocka/test_child_common.c
-@@ -97,7 +97,7 @@ void test_exec_child(void **state)
- exec_child(child_tctx,
- child_tctx->pipefd_to_child,
- child_tctx->pipefd_from_child,
-- CHILD_DIR"/"TEST_BIN, 2);
-+ CHILD_DIR"/"TEST_BIN, NULL);
- } else {
- do {
- errno = 0;
-@@ -168,7 +168,7 @@ static void extra_args_test(struct child_test_ctx *child_tctx,
- exec_child_ex(child_tctx,
- child_tctx->pipefd_to_child,
- child_tctx->pipefd_from_child,
-- CHILD_DIR"/"TEST_BIN, 2, extra_args,
-+ CHILD_DIR"/"TEST_BIN, NULL, extra_args,
- extra_args_only,
- STDIN_FILENO, STDOUT_FILENO);
- } else {
-@@ -291,7 +291,7 @@ void test_exec_child_handler(void **state)
- exec_child(child_tctx,
- child_tctx->pipefd_to_child,
- child_tctx->pipefd_from_child,
-- CHILD_DIR"/"TEST_BIN, 2);
-+ CHILD_DIR"/"TEST_BIN, NULL);
- }
-
- ret = child_handler_setup(child_tctx->test_ctx->ev, child_pid,
-@@ -341,7 +341,7 @@ void test_exec_child_echo(void **state)
- exec_child_ex(child_tctx,
- child_tctx->pipefd_to_child,
- child_tctx->pipefd_from_child,
-- CHILD_DIR"/"TEST_BIN, 2, NULL, false,
-+ CHILD_DIR"/"TEST_BIN, NULL, NULL, false,
- STDIN_FILENO, 3);
- }
-
-@@ -474,7 +474,7 @@ void test_sss_child(void **state)
- exec_child(child_tctx,
- child_tctx->pipefd_to_child,
- child_tctx->pipefd_from_child,
-- CHILD_DIR"/"TEST_BIN, 2);
-+ CHILD_DIR"/"TEST_BIN, NULL);
- }
-
- ret = sss_child_register(child_tctx, sc_ctx,
---
-2.21.3
-
diff --git a/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch b/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
deleted file mode 100644
index fb1911d..0000000
--- a/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 88e92967a7b4e3e4501b17f21812467effa331c7 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 16 Jun 2020 13:51:28 +0200
-Subject: [PATCH] NEGCACHE: skip permanent entries in [users/groups] reset
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Files provider calling `sss_ncache_reset_[users/groups]()`
-during cache rebuilding was breaking neg-cache prepopulation.
-
-Resolves: https://github.com/SSSD/sssd/issues/1024
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/responder/common/negcache.c | 9 +++++++++
- src/responder/common/negcache.h | 1 +
- 2 files changed, 10 insertions(+)
-
-diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
-index d9545aef6..ce1c0ab8c 100644
---- a/src/responder/common/negcache.c
-+++ b/src/responder/common/negcache.c
-@@ -900,12 +900,21 @@ static int delete_prefix(struct tdb_context *tdb,
- TDB_DATA key, TDB_DATA data, void *state)
- {
- const char *prefix = (const char *) state;
-+ unsigned long long int timestamp;
-+ char *ep = NULL;
-
- if (strncmp((char *)key.dptr, prefix, strlen(prefix) - 1) != 0) {
- /* not interested in this key */
- return 0;
- }
-
-+ errno = 0;
-+ timestamp = strtoull((const char *)data.dptr, &ep, 10);
-+ if ((errno == 0) && (*ep == '\0') && (timestamp == 0)) {
-+ /* skip permanent entries */
-+ return 0;
-+ }
-+
- return tdb_delete(tdb, key);
- }
-
-diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
-index a80412215..4dcfb5e8f 100644
---- a/src/responder/common/negcache.h
-+++ b/src/responder/common/negcache.h
-@@ -146,6 +146,7 @@ int sss_ncache_set_locate_uid(struct sss_nc_ctx *ctx,
- uid_t uid);
-
- int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
-+/* sss_ncache_reset_[users/groups] skips permanent entries */
- int sss_ncache_reset_users(struct sss_nc_ctx *ctx);
- int sss_ncache_reset_groups(struct sss_nc_ctx *ctx);
-
---
-2.21.3
-
diff --git a/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch b/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch
deleted file mode 100644
index 442552a..0000000
--- a/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 144e78dfebc0fd01feb6c11a37f81d01146cf33a Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 12 Jun 2020 19:10:33 +0200
-Subject: [PATCH] util/inotify: fixed CLANG_WARNING
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Fixed following warning:
-```
-sssd-2.3.1/src/util/inotify.c:346:17: warning: Value stored to 'ret' is never read
- # ret = EOK;
- # ^ ~~~
-```
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/util/inotify.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/util/inotify.c b/src/util/inotify.c
-index ffc15ad4d..cf3e3d84d 100644
---- a/src/util/inotify.c
-+++ b/src/util/inotify.c
-@@ -319,7 +319,9 @@ static void snotify_internal_cb(struct tevent_context *ev,
-
- in_event = (const struct inotify_event *) ptr;
-
-- //debug_flags(in_event->mask, in_event->name);
-+#if 0
-+ debug_flags(in_event->mask, in_event->name);
-+#endif
-
- if (snctx->wctx->dir_wd == in_event->wd) {
- ret = process_dir_event(snctx, in_event);
-@@ -343,7 +345,6 @@ static void snotify_internal_cb(struct tevent_context *ev,
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Unknown watch %d\n", in_event->wd);
-- ret = EOK;
- }
- }
- }
---
-2.21.3
-
diff --git a/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch b/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
deleted file mode 100644
index 6ff905e..0000000
--- a/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From 0c5711f9bae1cb46d4cd3fbe5d86d8688087be13 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 12 Jun 2020 20:45:23 +0200
-Subject: [PATCH] util/inotify: fixed bug in inotify event processing
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Error was spotted with the help of the following warning:
-```
-Error: CLANG_WARNING:
-sssd-2.3.1/src/util/inotify.c:327:21: warning: Value stored to 'rewatch' is never read
- # rewatch = true;
- # ^ ~~~~
-```
-
-First part of the issue was that EAGAIN returned by the process_dir_event()
-didn't trigger snotify_rewatch() (as suggested by the comments).
-Fixing this part is already enough to resolve issue #1031 (as it was
-reported).
-
-Another part of the issue was that process_file_event() return code wasn't
-checked against EAGAIN (again, as suggested by the DEBUG message).
-Strictly speaking, I'm not sure if this part is really required or
-if processing DIR events would cover all cases, but rebuilding watches
-on IN_IGNORED won't hurt.
-
-Resolves: https://github.com/SSSD/sssd/issues/1031
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/util/inotify.c | 30 +++++++++++++-----------------
- 1 file changed, 13 insertions(+), 17 deletions(-)
-
-diff --git a/src/util/inotify.c b/src/util/inotify.c
-index cf3e3d84d..a3c33eddb 100644
---- a/src/util/inotify.c
-+++ b/src/util/inotify.c
-@@ -286,7 +286,7 @@ static void snotify_internal_cb(struct tevent_context *ev,
- struct snotify_ctx *snctx;
- ssize_t len;
- errno_t ret;
-- bool rewatch;
-+ bool rewatch = false;
-
- snctx = talloc_get_type(data, struct snotify_ctx);
- if (snctx == NULL) {
-@@ -305,7 +305,7 @@ static void snotify_internal_cb(struct tevent_context *ev,
- } else {
- DEBUG(SSSDBG_TRACE_INTERNAL, "All inotify events processed\n");
- }
-- return;
-+ break;
- }
-
- if ((size_t) len < sizeof(struct inotify_event)) {
-@@ -325,26 +325,22 @@ static void snotify_internal_cb(struct tevent_context *ev,
-
- if (snctx->wctx->dir_wd == in_event->wd) {
- ret = process_dir_event(snctx, in_event);
-- if (ret == EAGAIN) {
-- rewatch = true;
-- /* Continue with the loop and read all the events from
-- * this descriptor first, then rewatch when done
-- */
-- } else if (ret != EOK) {
-- DEBUG(SSSDBG_MINOR_FAILURE,
-- "Failed to process inotify event\n");
-- continue;
-- }
- } else if (snctx->wctx->file_wd == in_event->wd) {
- ret = process_file_event(snctx, in_event);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_MINOR_FAILURE,
-- "Failed to process inotify event\n");
-- continue;
-- }
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Unknown watch %d\n", in_event->wd);
-+ ret = EOK;
-+ }
-+
-+ if (ret == EAGAIN) {
-+ rewatch = true;
-+ /* Continue with the loop and read all the events from
-+ * this descriptor first, then rewatch when done
-+ */
-+ } else if (ret != EOK) {
-+ DEBUG(SSSDBG_MINOR_FAILURE,
-+ "Failed to process inotify event\n");
- }
- }
- }
---
-2.21.3
-
diff --git a/SOURCES/0009-Replaced-enter-with-insert.patch b/SOURCES/0009-Replaced-enter-with-insert.patch
deleted file mode 100644
index 400d261..0000000
--- a/SOURCES/0009-Replaced-enter-with-insert.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 02fbf47a85228c131f1b0575da091a01da700189 Mon Sep 17 00:00:00 2001
-From: vinay mishra <vmishra@redhat.com>
-Date: Mon, 18 May 2020 10:32:55 +0530
-Subject: [PATCH] Replaced 'enter' with 'insert'
-
-Resolves: https://github.com/SSSD/sssd/issues/5164
-
-Signed-off-by: vinay mishra <vmishra@redhat.com>
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/sss_client/pam_sss.c | 4 ++--
- src/tests/intg/test_pam_responder.py | 2 +-
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
-index d4f0a8917..69b440774 100644
---- a/src/sss_client/pam_sss.c
-+++ b/src/sss_client/pam_sss.c
-@@ -2422,8 +2422,8 @@ static int get_authtok_for_password_change(pam_handle_t *pamh,
- return PAM_SUCCESS;
- }
-
--#define SC_ENTER_LABEL_FMT "Please enter smart card labeled\n %s"
--#define SC_ENTER_FMT "Please enter smart card"
-+#define SC_ENTER_LABEL_FMT "Please insert smart card labeled\n %s"
-+#define SC_ENTER_FMT "Please insert smart card"
-
- static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
- int retries, bool quiet_mode)
-diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py
-index 9b5e650ca..7a2458339 100644
---- a/src/tests/intg/test_pam_responder.py
-+++ b/src/tests/intg/test_pam_responder.py
-@@ -512,7 +512,7 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl):
- assert end_time > start_time and \
- (end_time - start_time) >= 20 and \
- (end_time - start_time) < 40
-- assert out.find("Please enter smart card\nPlease enter smart card") != -1
-+ assert out.find("Please insert smart card\nPlease insert smart card") != -1
- assert err.find("pam_authenticate for user [user1]: Authentication " +
- "service cannot retrieve authentication info") != -1
-
---
-2.21.3
-
diff --git a/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch b/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
deleted file mode 100644
index 31c91ee..0000000
--- a/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-From aac4dbb17f3e19a2fbeefb38b3319827d3bf820e Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 13 May 2020 13:13:43 +0200
-Subject: [PATCH] NSS client: preserve errno during _nss_sss_end* calls
-
-glibc does not expect that errno is changed by some of the calls
-provided by nss modules. This caused at least issues when
-_nss_sss_endpwent() is called in compat mode. According to
-https://pubs.opengroup.org/onlinepubs/9699919799/functions/endpwent.html
-endpwent() should only set errno in the case of an error. Since there is
-no other way to report an error we will set errno in the case of an
-error but preserve it otherwise. This should cause no issues because
-glibc is taking precautions as well tracked by
-https://sourceware.org/bugzilla/show_bug.cgi?id=25976.
-
-To be on the safe side the other _nss_sss_end* calls will show the same
-behavior.
-
-Resolves: https://github.com/SSSD/sssd/issues/5153
-
-Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
----
- src/sss_client/nss_group.c | 3 +++
- src/sss_client/nss_hosts.c | 4 +++-
- src/sss_client/nss_ipnetworks.c | 4 +++-
- src/sss_client/nss_netgroup.c | 3 +++
- src/sss_client/nss_passwd.c | 3 +++
- src/sss_client/nss_services.c | 3 +++
- 6 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
-index 5ab2bdf78..4a201bf09 100644
---- a/src/sss_client/nss_group.c
-+++ b/src/sss_client/nss_group.c
-@@ -735,6 +735,7 @@ enum nss_status _nss_sss_endgrent(void)
- {
- enum nss_status nret;
- int errnop;
-+ int saved_errno = errno;
-
- sss_nss_lock();
-
-@@ -745,6 +746,8 @@ enum nss_status _nss_sss_endgrent(void)
- NULL, NULL, NULL, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- errno = errnop;
-+ } else {
-+ errno = saved_errno;
- }
-
- sss_nss_unlock();
-diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c
-index 5e279468b..aa2676286 100644
---- a/src/sss_client/nss_hosts.c
-+++ b/src/sss_client/nss_hosts.c
-@@ -565,6 +565,7 @@ _nss_sss_endhostent(void)
- {
- enum nss_status nret;
- int errnop;
-+ int saved_errno = errno;
-
- sss_nss_lock();
-
-@@ -575,9 +576,10 @@ _nss_sss_endhostent(void)
- NULL, NULL, NULL, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- errno = errnop;
-+ } else {
-+ errno = saved_errno;
- }
-
- sss_nss_unlock();
--
- return nret;
- }
-diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
-index 15fee6039..08070499d 100644
---- a/src/sss_client/nss_ipnetworks.c
-+++ b/src/sss_client/nss_ipnetworks.c
-@@ -510,6 +510,7 @@ _nss_sss_endnetent(void)
- {
- enum nss_status nret;
- int errnop;
-+ int saved_errno = errno;
-
- sss_nss_lock();
-
-@@ -520,10 +521,11 @@ _nss_sss_endnetent(void)
- NULL, NULL, NULL, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- errno = errnop;
-+ } else {
-+ errno = saved_errno;
- }
-
- sss_nss_unlock();
--
- return nret;
- }
-
-diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c
-index 3a1834a31..2fc88f8ae 100644
---- a/src/sss_client/nss_netgroup.c
-+++ b/src/sss_client/nss_netgroup.c
-@@ -309,6 +309,7 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
- {
- enum nss_status nret;
- int errnop;
-+ int saved_errno = errno;
-
- sss_nss_lock();
-
-@@ -319,6 +320,8 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
- NULL, NULL, NULL, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- errno = errnop;
-+ } else {
-+ errno = saved_errno;
- }
-
- sss_nss_unlock();
-diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
-index 96368bd6e..c386dd370 100644
---- a/src/sss_client/nss_passwd.c
-+++ b/src/sss_client/nss_passwd.c
-@@ -455,6 +455,7 @@ enum nss_status _nss_sss_endpwent(void)
- {
- enum nss_status nret;
- int errnop;
-+ int saved_errno = errno;
-
- sss_nss_lock();
-
-@@ -465,6 +466,8 @@ enum nss_status _nss_sss_endpwent(void)
- NULL, NULL, NULL, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- errno = errnop;
-+ } else {
-+ errno = saved_errno;
- }
-
- sss_nss_unlock();
-diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c
-index 13cb4c3ab..f8c2092cb 100644
---- a/src/sss_client/nss_services.c
-+++ b/src/sss_client/nss_services.c
-@@ -484,6 +484,7 @@ _nss_sss_endservent(void)
- {
- enum nss_status nret;
- int errnop;
-+ int saved_errno = errno;
-
- sss_nss_lock();
-
-@@ -494,6 +495,8 @@ _nss_sss_endservent(void)
- NULL, NULL, NULL, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- errno = errnop;
-+ } else {
-+ errno = saved_errno;
- }
-
- sss_nss_unlock();
---
-2.21.3
-
diff --git a/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch b/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch
deleted file mode 100644
index dc2b0e6..0000000
--- a/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From df632eec450791559a4a7644f241964397c10ff9 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 5 Jun 2020 13:59:25 +0200
-Subject: [PATCH] ipa: add failover to subdomain override lookups
-
-In the ipa_subdomain_account request failover handling was missing.
-
-Related to https://github.com/SSSD/sssd/issues/5075
- (was https://pagure.io/SSSD/sssd/issue/4114)
-
-Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
----
- src/providers/ipa/ipa_subdomains_id.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
-index 1224c7b73..36f32fae8 100644
---- a/src/providers/ipa/ipa_subdomains_id.c
-+++ b/src/providers/ipa/ipa_subdomains_id.c
-@@ -208,6 +208,20 @@ static void ipa_subdomain_account_got_override(struct tevent_req *subreq)
- &state->override_attrs);
- talloc_zfree(subreq);
- if (ret != EOK) {
-+ ret = sdap_id_op_done(state->op, ret, &dp_error);
-+
-+ if (dp_error == DP_ERR_OK && ret != EOK) {
-+ /* retry */
-+ subreq = sdap_id_op_connect_send(state->op, state, &ret);
-+ if (subreq == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect_send failed.\n");
-+ goto fail;
-+ }
-+ tevent_req_set_callback(subreq, ipa_subdomain_account_connected,
-+ req);
-+ return;
-+ }
-+
- DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
- goto fail;
- }
---
-2.21.3
-
diff --git a/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch b/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch
deleted file mode 100644
index 39b2e20..0000000
--- a/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From dce025b882db7247571b135e928afb47f069a60f Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 27 Feb 2020 06:54:21 +0100
-Subject: [PATCH] GPO: fix link order in a SOM
-
-GPOs of the same OU were applied in the wrong order. Details about how
-GPOs should be processed can be found e.g. at
-https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
-
-Resolves: https://github.com/SSSD/sssd/issues/5103
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/providers/ad/ad_gpo.c | 59 +++++++++++++++++++++++++++++----------
- 1 file changed, 45 insertions(+), 14 deletions(-)
-
-diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
-index bbe8d8a1e..1524c4bfc 100644
---- a/src/providers/ad/ad_gpo.c
-+++ b/src/providers/ad/ad_gpo.c
-@@ -3511,14 +3511,19 @@ ad_gpo_process_som_recv(struct tevent_req *req,
- * - GPOs linked to an OU will be applied after GPOs linked to a Domain,
- * which will be applied after GPOs linked to a Site.
- * - multiple GPOs linked to a single SOM are applied in their link order
-- * (i.e. 1st GPO linked to SOM is applied after 2nd GPO linked to SOM, etc).
-+ * (i.e. 1st GPO linked to SOM is applied before 2nd GPO linked to SOM, etc).
- * - enforced GPOs are applied after unenforced GPOs.
- *
- * As such, the _candidate_gpos output's dn fields looks like (in link order):
-- * [unenforced {Site, Domain, OU}; enforced {Site, Domain, OU}]
-+ * [unenforced {Site, Domain, OU}; enforced {OU, Domain, Site}]
- *
- * Note that in the case of conflicting policy settings, GPOs appearing later
-- * in the list will trump GPOs appearing earlier in the list.
-+ * in the list will trump GPOs appearing earlier in the list. Therefore the
-+ * enforced GPOs are applied in revers order after the unenforced GPOs to
-+ * make sure the enforced setting form the highest level will be applied.
-+ *
-+ * GPO processing details can be found e.g. at
-+ * https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
- */
- static errno_t
- ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
-@@ -3542,6 +3547,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
- int i = 0;
- int j = 0;
- int ret;
-+ size_t som_count = 0;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
-@@ -3568,6 +3574,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
- }
- i++;
- }
-+ som_count = i;
-
- num_candidate_gpos = num_enforced + num_unenforced;
-
-@@ -3590,9 +3597,43 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-+ i = som_count -1 ;
-+ while (i >= 0) {
-+ gp_som = som_list[i];
-+
-+ /* For unenforced_gpo_dns the most specific GPOs with the highest
-+ * priority should be the last. We start with the top-level SOM and go
-+ * down to the most specific one and add the unenforced following the
-+ * gplink_list where the GPO with the highest priority comes last. */
-+ j = 0;
-+ while (gp_som && gp_som->gplink_list && gp_som->gplink_list[j]) {
-+ gp_gplink = gp_som->gplink_list[j];
-+
-+ if (!gp_gplink->enforced) {
-+ unenforced_gpo_dns[unenforced_idx] =
-+ talloc_steal(unenforced_gpo_dns, gp_gplink->gpo_dn);
-+
-+ if (unenforced_gpo_dns[unenforced_idx] == NULL) {
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ unenforced_idx++;
-+ }
-+ j++;
-+ }
-+ i--;
-+ }
-+
- i = 0;
- while (som_list[i]) {
- gp_som = som_list[i];
-+
-+ /* For enforced GPOs we start processing with the most specific SOM to
-+ * make sur enforced GPOs from higher levels override to lower level
-+ * ones. According to the 'Group Policy Inheritance' tab in the
-+ * Windows 'Goup Policy Management' utility in the same SOM the link
-+ * order is still observed and an enforced GPO with a lower link order
-+ * value still overrides an enforced GPO with a higher link order. */
- j = 0;
- while (gp_som && gp_som->gplink_list && gp_som->gplink_list[j]) {
- gp_gplink = gp_som->gplink_list[j];
-@@ -3610,16 +3651,6 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
- goto done;
- }
- enforced_idx++;
-- } else {
--
-- unenforced_gpo_dns[unenforced_idx] =
-- talloc_steal(unenforced_gpo_dns, gp_gplink->gpo_dn);
--
-- if (unenforced_gpo_dns[unenforced_idx] == NULL) {
-- ret = ENOMEM;
-- goto done;
-- }
-- unenforced_idx++;
- }
- j++;
- }
-@@ -3638,7 +3669,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
- }
-
- gpo_dn_idx = 0;
-- for (i = num_unenforced - 1; i >= 0; i--) {
-+ for (i = 0; i < num_unenforced; i++) {
- candidate_gpos[gpo_dn_idx] = talloc_zero(candidate_gpos, struct gp_gpo);
- if (candidate_gpos[gpo_dn_idx] == NULL) {
- ret = ENOMEM;
---
-2.21.3
-
diff --git a/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch b/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
deleted file mode 100644
index c16d932..0000000
--- a/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 8ca799ea968e548337acb0300642a0d88f1bba9b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 7 May 2020 15:47:35 +0200
-Subject: [PATCH 13/19] sysdb: make sysdb_update_subdomains() more robust
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some NULL checks are added basically to allow that missing values can be
-set later.
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/db/sysdb_subdomains.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
-index b170d1978..d256817a6 100644
---- a/src/db/sysdb_subdomains.c
-+++ b/src/db/sysdb_subdomains.c
-@@ -421,7 +421,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
- }
-
- /* in theory these may change, but it should never happen */
-- if (strcasecmp(dom->realm, realm) != 0) {
-+ if ((dom->realm == NULL && realm != NULL)
-+ || (dom->realm != NULL && realm != NULL
-+ && strcasecmp(dom->realm, realm) != 0)) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- "Realm name changed from [%s] to [%s]!\n",
- dom->realm, realm);
-@@ -432,7 +434,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
- goto done;
- }
- }
-- if (strcasecmp(dom->flat_name, flat) != 0) {
-+ if ((dom->flat_name == NULL && flat != NULL)
-+ || (dom->flat_name != NULL && flat != NULL
-+ && strcasecmp(dom->flat_name, flat) != 0)) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- "Flat name changed from [%s] to [%s]!\n",
- dom->flat_name, flat);
-@@ -443,7 +447,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
- goto done;
- }
- }
-- if (strcasecmp(dom->domain_id, id) != 0) {
-+ if ((dom->domain_id == NULL && id != NULL)
-+ || (dom->domain_id != NULL && id != NULL
-+ && strcasecmp(dom->domain_id, id) != 0)) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- "Domain changed from [%s] to [%s]!\n",
- dom->domain_id, id);
---
-2.21.3
-
diff --git a/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch b/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
deleted file mode 100644
index 5674c81..0000000
--- a/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
+++ /dev/null
@@ -1,334 +0,0 @@
-From d3089173dd8be85a83cf0236e116ba8e11326a6d Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 7 May 2020 16:51:02 +0200
-Subject: [PATCH 14/19] ad: rename ad_master_domain_* to ad_domain_info_*
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The ad_master_domain_{send|recv} are not specific to the master domain
-so a more generic name seems to be suitable.
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_domain_info.c | 64 +++++++++++++++----------------
- src/providers/ad/ad_domain_info.h | 10 ++---
- src/providers/ad/ad_gpo.c | 8 ++--
- src/providers/ad/ad_id.c | 14 +++----
- src/providers/ad/ad_resolver.c | 8 ++--
- src/providers/ad/ad_subdomains.c | 8 ++--
- 6 files changed, 56 insertions(+), 56 deletions(-)
-
-diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
-index 5302c8083..52b2e2442 100644
---- a/src/providers/ad/ad_domain_info.c
-+++ b/src/providers/ad/ad_domain_info.c
-@@ -175,7 +175,7 @@ done:
- return ret;
- }
-
--struct ad_master_domain_state {
-+struct ad_domain_info_state {
- struct tevent_context *ev;
- struct sdap_id_conn_ctx *conn;
- struct sdap_id_op *id_op;
-@@ -191,22 +191,22 @@ struct ad_master_domain_state {
- char *sid;
- };
-
--static errno_t ad_master_domain_next(struct tevent_req *req);
--static void ad_master_domain_next_done(struct tevent_req *subreq);
--static void ad_master_domain_netlogon_done(struct tevent_req *req);
-+static errno_t ad_domain_info_next(struct tevent_req *req);
-+static void ad_domain_info_next_done(struct tevent_req *subreq);
-+static void ad_domain_info_netlogon_done(struct tevent_req *req);
-
- struct tevent_req *
--ad_master_domain_send(TALLOC_CTX *mem_ctx,
-- struct tevent_context *ev,
-- struct sdap_id_conn_ctx *conn,
-- struct sdap_id_op *op,
-- const char *dom_name)
-+ad_domain_info_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct sdap_id_conn_ctx *conn,
-+ struct sdap_id_op *op,
-+ const char *dom_name)
- {
- errno_t ret;
- struct tevent_req *req;
-- struct ad_master_domain_state *state;
-+ struct ad_domain_info_state *state;
-
-- req = tevent_req_create(mem_ctx, &state, struct ad_master_domain_state);
-+ req = tevent_req_create(mem_ctx, &state, struct ad_domain_info_state);
- if (!req) return NULL;
-
- state->ev = ev;
-@@ -216,7 +216,7 @@ ad_master_domain_send(TALLOC_CTX *mem_ctx,
- state->opts = conn->id_ctx->opts;
- state->dom_name = dom_name;
-
-- ret = ad_master_domain_next(req);
-+ ret = ad_domain_info_next(req);
- if (ret != EOK && ret != EAGAIN) {
- goto immediate;
- }
-@@ -234,14 +234,14 @@ immediate:
- }
-
- static errno_t
--ad_master_domain_next(struct tevent_req *req)
-+ad_domain_info_next(struct tevent_req *req)
- {
- struct tevent_req *subreq;
- struct sdap_search_base *base;
- const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
-
-- struct ad_master_domain_state *state =
-- tevent_req_data(req, struct ad_master_domain_state);
-+ struct ad_domain_info_state *state =
-+ tevent_req_data(req, struct ad_domain_info_state);
-
- base = state->opts->sdom->search_bases[state->base_iter];
- if (base == NULL) {
-@@ -261,13 +261,13 @@ ad_master_domain_next(struct tevent_req *req)
- DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
- return ENOMEM;
- }
-- tevent_req_set_callback(subreq, ad_master_domain_next_done, req);
-+ tevent_req_set_callback(subreq, ad_domain_info_next_done, req);
-
- return EAGAIN;
- }
-
- static void
--ad_master_domain_next_done(struct tevent_req *subreq)
-+ad_domain_info_next_done(struct tevent_req *subreq)
- {
- errno_t ret;
- size_t reply_count;
-@@ -281,8 +281,8 @@ ad_master_domain_next_done(struct tevent_req *subreq)
-
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
-- struct ad_master_domain_state *state =
-- tevent_req_data(req, struct ad_master_domain_state);
-+ struct ad_domain_info_state *state =
-+ tevent_req_data(req, struct ad_domain_info_state);
-
- ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
- talloc_zfree(subreq);
-@@ -293,7 +293,7 @@ ad_master_domain_next_done(struct tevent_req *subreq)
-
- if (reply_count == 0) {
- state->base_iter++;
-- ret = ad_master_domain_next(req);
-+ ret = ad_domain_info_next(req);
- if (ret == EAGAIN) {
- /* Async request will get us back here again */
- return;
-@@ -362,7 +362,7 @@ ad_master_domain_next_done(struct tevent_req *subreq)
- goto done;
- }
-
-- tevent_req_set_callback(subreq, ad_master_domain_netlogon_done, req);
-+ tevent_req_set_callback(subreq, ad_domain_info_netlogon_done, req);
- return;
-
- done:
-@@ -370,7 +370,7 @@ done:
- }
-
- static void
--ad_master_domain_netlogon_done(struct tevent_req *subreq)
-+ad_domain_info_netlogon_done(struct tevent_req *subreq)
- {
- int ret;
- size_t reply_count;
-@@ -378,8 +378,8 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
-
- struct tevent_req *req = tevent_req_callback_data(subreq,
- struct tevent_req);
-- struct ad_master_domain_state *state =
-- tevent_req_data(req, struct ad_master_domain_state);
-+ struct ad_domain_info_state *state =
-+ tevent_req_data(req, struct ad_domain_info_state);
-
- ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
- talloc_zfree(subreq);
-@@ -422,15 +422,15 @@ done:
- }
-
- errno_t
--ad_master_domain_recv(struct tevent_req *req,
-- TALLOC_CTX *mem_ctx,
-- char **_flat,
-- char **_id,
-- char **_site,
-- char **_forest)
-+ad_domain_info_recv(struct tevent_req *req,
-+ TALLOC_CTX *mem_ctx,
-+ char **_flat,
-+ char **_id,
-+ char **_site,
-+ char **_forest)
- {
-- struct ad_master_domain_state *state = tevent_req_data(req,
-- struct ad_master_domain_state);
-+ struct ad_domain_info_state *state = tevent_req_data(req,
-+ struct ad_domain_info_state);
-
- TEVENT_REQ_RETURN_ON_ERROR(req);
-
-diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
-index b96e8a3c3..631e543f5 100644
---- a/src/providers/ad/ad_domain_info.h
-+++ b/src/providers/ad/ad_domain_info.h
-@@ -22,22 +22,22 @@
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
--#ifndef _AD_MASTER_DOMAIN_H_
--#define _AD_MASTER_DOMAIN_H_
-+#ifndef _AD_DOMAIN_INFO_H_
-+#define _AD_DOMAIN_INFO_H_
-
- struct tevent_req *
--ad_master_domain_send(TALLOC_CTX *mem_ctx,
-+ad_domain_info_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct sdap_id_conn_ctx *conn,
- struct sdap_id_op *op,
- const char *dom_name);
-
- errno_t
--ad_master_domain_recv(struct tevent_req *req,
-+ad_domain_info_recv(struct tevent_req *req,
- TALLOC_CTX *mem_ctx,
- char **_flat,
- char **_id,
- char **_site,
- char **_forest);
-
--#endif /* _AD_MASTER_DOMAIN_H_ */
-+#endif /* _AD_DOMAIN_INFO_H_ */
-diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
-index 1524c4bfc..53560a754 100644
---- a/src/providers/ad/ad_gpo.c
-+++ b/src/providers/ad/ad_gpo.c
-@@ -3151,11 +3151,11 @@ ad_gpo_process_som_send(TALLOC_CTX *mem_ctx,
- goto immediately;
- }
-
-- subreq = ad_master_domain_send(state, state->ev, conn,
-- state->sdap_op, domain_name);
-+ subreq = ad_domain_info_send(state, state->ev, conn,
-+ state->sdap_op, domain_name);
-
- if (subreq == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
-+ DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
- ret = ENOMEM;
- goto immediately;
- }
-@@ -3188,7 +3188,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
- state = tevent_req_data(req, struct ad_gpo_process_som_state);
-
- /* gpo code only cares about the site name */
-- ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL);
-+ ret = ad_domain_info_recv(subreq, state, NULL, NULL, &site, NULL);
- talloc_zfree(subreq);
-
- if (ret != EOK || site == NULL) {
-diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
-index 84e5c42ac..ca6486e03 100644
---- a/src/providers/ad/ad_id.c
-+++ b/src/providers/ad/ad_id.c
-@@ -663,12 +663,12 @@ ad_enumeration_conn_done(struct tevent_req *subreq)
- return;
- }
-
-- subreq = ad_master_domain_send(state, state->ev,
-- state->id_ctx->ldap_ctx,
-- state->sdap_op,
-- state->sdom->dom->name);
-+ subreq = ad_domain_info_send(state, state->ev,
-+ state->id_ctx->ldap_ctx,
-+ state->sdap_op,
-+ state->sdom->dom->name);
- if (subreq == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
-+ DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
- tevent_req_error(req, ret);
- return;
- }
-@@ -687,8 +687,8 @@ ad_enumeration_master_done(struct tevent_req *subreq)
- char *master_sid;
- char *forest;
-
-- ret = ad_master_domain_recv(subreq, state,
-- &flat_name, &master_sid, NULL, &forest);
-+ ret = ad_domain_info_recv(subreq, state,
-+ &flat_name, &master_sid, NULL, &forest);
- talloc_zfree(subreq);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
-diff --git a/src/providers/ad/ad_resolver.c b/src/providers/ad/ad_resolver.c
-index b58f08ecf..c87706094 100644
---- a/src/providers/ad/ad_resolver.c
-+++ b/src/providers/ad/ad_resolver.c
-@@ -317,10 +317,10 @@ ad_resolver_enumeration_conn_done(struct tevent_req *subreq)
- return;
- }
-
-- subreq = ad_master_domain_send(state, state->ev, id_ctx->conn,
-- state->sdap_op, state->sdom->dom->name);
-+ subreq = ad_domain_info_send(state, state->ev, id_ctx->conn,
-+ state->sdap_op, state->sdom->dom->name);
- if (subreq == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
-+ DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
- tevent_req_error(req, ret);
- return;
- }
-@@ -346,7 +346,7 @@ ad_resolver_enumeration_master_done(struct tevent_req *subreq)
- char *forest;
- struct ad_id_ctx *ad_id_ctx;
-
-- ret = ad_master_domain_recv(subreq, state,
-+ ret = ad_domain_info_recv(subreq, state,
- &flat_name, &master_sid, NULL, &forest);
- talloc_zfree(subreq);
- if (ret != EOK) {
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index 06fbdb0ef..c53962283 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -1756,8 +1756,8 @@ static void ad_subdomains_refresh_connect_done(struct tevent_req *subreq)
- }
-
- /* connect to the DC we are a member of */
-- subreq = ad_master_domain_send(state, state->ev, state->id_ctx->conn,
-- state->sdap_op, state->sd_ctx->domain_name);
-+ subreq = ad_domain_info_send(state, state->ev, state->id_ctx->conn,
-+ state->sdap_op, state->sd_ctx->domain_name);
- if (subreq == NULL) {
- tevent_req_error(req, ENOMEM);
- return;
-@@ -1779,8 +1779,8 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
- req = tevent_req_callback_data(subreq, struct tevent_req);
- state = tevent_req_data(req, struct ad_subdomains_refresh_state);
-
-- ret = ad_master_domain_recv(subreq, state, &flat_name, &master_sid,
-- NULL, &state->forest);
-+ ret = ad_domain_info_recv(subreq, state, &flat_name, &master_sid,
-+ NULL, &state->forest);
- talloc_zfree(subreq);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain information "
---
-2.21.3
-
diff --git a/SOURCES/0015-sysdb-make-new_subdomain-public.patch b/SOURCES/0015-sysdb-make-new_subdomain-public.patch
deleted file mode 100644
index 1c3a146..0000000
--- a/SOURCES/0015-sysdb-make-new_subdomain-public.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From 9aa26f6514220bae3b3314f830e3e3f95fab2cf9 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 7 May 2020 21:18:13 +0200
-Subject: [PATCH 15/19] sysdb: make new_subdomain() public
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/db/sysdb.h | 18 ++++++++++++++++++
- src/db/sysdb_private.h | 19 -------------------
- src/tests/cmocka/test_negcache.c | 1 -
- src/tests/cmocka/test_nss_srv.c | 1 -
- src/tests/cmocka/test_responder_cache_req.c | 1 -
- 5 files changed, 18 insertions(+), 22 deletions(-)
-
-diff --git a/src/db/sysdb.h b/src/db/sysdb.h
-index 64e546f5b..e4ed10b54 100644
---- a/src/db/sysdb.h
-+++ b/src/db/sysdb.h
-@@ -562,6 +562,24 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
- errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
- const char *name);
-
-+/* The utility function to create a subdomain sss_domain_info object is handy
-+ * for unit tests, so it should be available in a headerr.
-+ */
-+struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
-+ struct sss_domain_info *parent,
-+ const char *name,
-+ const char *realm,
-+ const char *flat_name,
-+ const char *id,
-+ enum sss_domain_mpg_mode mpg_mode,
-+ bool enumerate,
-+ const char *forest,
-+ const char **upn_suffixes,
-+ uint32_t trust_direction,
-+ struct confdb_ctx *confdb,
-+ bool enabled);
-+
-+
- errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
- size_t *range_count,
- struct range_info ***range_list);
-diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
-index 3302919a6..70fe3fa18 100644
---- a/src/db/sysdb_private.h
-+++ b/src/db/sysdb_private.h
-@@ -196,25 +196,6 @@ int sysdb_replace_ulong(struct ldb_message *msg,
- int sysdb_delete_ulong(struct ldb_message *msg,
- const char *attr, unsigned long value);
-
--/* The utility function to create a subdomain sss_domain_info object is handy
-- * for unit tests, so it should be available in a header, but not a public util
-- * one, because the only interface for the daemon itself should be adding
-- * the sysdb domain object and calling sysdb_update_subdomains()
-- */
--struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
-- struct sss_domain_info *parent,
-- const char *name,
-- const char *realm,
-- const char *flat_name,
-- const char *id,
-- enum sss_domain_mpg_mode mpg_mode,
-- bool enumerate,
-- const char *forest,
-- const char **upn_suffixes,
-- uint32_t trust_direction,
-- struct confdb_ctx *confdb,
-- bool enabled);
--
- /* Helper functions to deal with the timestamp cache should not be used
- * outside the sysdb itself. The timestamp cache should be completely
- * opaque to the sysdb consumers
-diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
-index 3ed1cb14a..b3a379227 100644
---- a/src/tests/cmocka/test_negcache.c
-+++ b/src/tests/cmocka/test_negcache.c
-@@ -38,7 +38,6 @@
- #include "util/util_sss_idmap.h"
- #include "lib/idmap/sss_idmap.h"
- #include "util/util.h"
--#include "db/sysdb_private.h"
- #include "responder/common/responder.h"
- #include "responder/common/negcache.h"
-
-diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
-index 3cd7809cf..99ba02a80 100644
---- a/src/tests/cmocka/test_nss_srv.c
-+++ b/src/tests/cmocka/test_nss_srv.c
-@@ -36,7 +36,6 @@
- #include "util/crypto/sss_crypto.h"
- #include "util/crypto/nss/nss_util.h"
- #include "util/sss_endian.h"
--#include "db/sysdb_private.h" /* new_subdomain() */
- #include "db/sysdb_iphosts.h"
- #include "db/sysdb_ipnetworks.h"
-
-diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
-index 2611c589b..68a651240 100644
---- a/src/tests/cmocka/test_responder_cache_req.c
-+++ b/src/tests/cmocka/test_responder_cache_req.c
-@@ -27,7 +27,6 @@
- #include "tests/cmocka/common_mock_resp.h"
- #include "db/sysdb.h"
- #include "responder/common/cache_req/cache_req.h"
--#include "db/sysdb_private.h" /* new_subdomain() */
-
- #define TESTS_PATH "tp_" BASE_FILE_STEM
- #define TEST_CONF_DB "test_responder_cache_req_conf.ldb"
---
-2.21.3
-
diff --git a/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch b/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
deleted file mode 100644
index a71043c..0000000
--- a/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 2bad4d4b299440d33919a9fdb8c4d75814583e12 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 7 May 2020 21:24:42 +0200
-Subject: [PATCH 16/19] ad: rename ads_get_root_id_ctx() to ads_get_dom_id_ctx
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since the function can be used to get the id ctx of any domain the
-'root' is removed from the name.
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_subdomains.c | 32 ++++++++++++++++----------------
- 1 file changed, 16 insertions(+), 16 deletions(-)
-
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index c53962283..a9a552ff7 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -1231,37 +1231,37 @@ static errno_t ad_get_slave_domain_recv(struct tevent_req *req)
- }
-
- static struct ad_id_ctx *
--ads_get_root_id_ctx(struct be_ctx *be_ctx,
-- struct ad_id_ctx *ad_id_ctx,
-- struct sss_domain_info *root_domain,
-- struct sdap_options *opts)
-+ads_get_dom_id_ctx(struct be_ctx *be_ctx,
-+ struct ad_id_ctx *ad_id_ctx,
-+ struct sss_domain_info *domain,
-+ struct sdap_options *opts)
- {
- errno_t ret;
- struct sdap_domain *sdom;
-- struct ad_id_ctx *root_id_ctx;
-+ struct ad_id_ctx *dom_id_ctx;
-
-- sdom = sdap_domain_get(opts, root_domain);
-+ sdom = sdap_domain_get(opts, domain);
- if (sdom == NULL) {
- DEBUG(SSSDBG_OP_FAILURE,
-- "Cannot get the sdom for %s!\n", root_domain->name);
-+ "Cannot get the sdom for %s!\n", domain->name);
- return NULL;
- }
-
- if (sdom->pvt == NULL) {
-- ret = ad_subdom_ad_ctx_new(be_ctx, ad_id_ctx, root_domain,
-- &root_id_ctx);
-+ ret = ad_subdom_ad_ctx_new(be_ctx, ad_id_ctx, domain,
-+ &dom_id_ctx);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "ad_subdom_ad_ctx_new failed.\n");
- return NULL;
- }
-
-- sdom->pvt = root_id_ctx;
-+ sdom->pvt = dom_id_ctx;
- } else {
-- root_id_ctx = sdom->pvt;
-+ dom_id_ctx = sdom->pvt;
- }
-
-- root_id_ctx->ldap_ctx->ignore_mark_offline = true;
-- return root_id_ctx;
-+ dom_id_ctx->ldap_ctx->ignore_mark_offline = true;
-+ return dom_id_ctx;
- }
-
- struct ad_get_root_domain_state {
-@@ -1403,9 +1403,9 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
- goto done;
- }
-
-- state->root_id_ctx = ads_get_root_id_ctx(state->be_ctx,
-- state->sd_ctx->ad_id_ctx,
-- root_domain, state->opts);
-+ state->root_id_ctx = ads_get_dom_id_ctx(state->be_ctx,
-+ state->sd_ctx->ad_id_ctx,
-+ root_domain, state->opts);
- if (state->root_id_ctx == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot create id ctx for the root domain\n");
- ret = EFAULT;
---
-2.21.3
-
diff --git a/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch b/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
deleted file mode 100644
index 4b519b7..0000000
--- a/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 8c642a542245a9f9fde5c2de9c96082b4c0d0963 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Mon, 11 May 2020 21:26:13 +0200
-Subject: [PATCH 17/19] ad: remove unused trust_type from ad_subdom_store()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_subdomains.c | 8 --------
- 1 file changed, 8 deletions(-)
-
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index a9a552ff7..198f5c916 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -576,7 +576,6 @@ ad_subdom_store(struct confdb_ctx *cdb,
- enum idmap_error_code err;
- struct ldb_message_element *el;
- char *sid_str = NULL;
-- uint32_t trust_type;
- enum sss_domain_mpg_mode mpg_mode;
- enum sss_domain_mpg_mode default_mpg_mode;
-
-@@ -586,13 +585,6 @@ ad_subdom_store(struct confdb_ctx *cdb,
- goto done;
- }
-
-- ret = sysdb_attrs_get_uint32_t(subdom_attrs, AD_AT_TRUST_TYPE,
-- &trust_type);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_uint32_t failed.\n");
-- goto done;
-- }
--
- ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_TRUST_PARTNER, &name);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "failed to get subdomain name\n");
---
-2.21.3
-
diff --git a/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch b/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch
deleted file mode 100644
index 23486f2..0000000
--- a/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch
+++ /dev/null
@@ -1,283 +0,0 @@
-From 3ae3286d61ed796f0be7a1d72157af3687bc04a5 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 7 May 2020 21:26:16 +0200
-Subject: [PATCH 18/19] ad: add ad_check_domain_{send|recv}
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This new request tries to get the basic domain information like domain
-SID and NetBIOS domain name for a domain given by the name. To achieve
-this the needed data is added to general domain structure and the SDAP
-domain structure. If the domain data cannot be looked up the data is
-removed again.
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_subdomains.c | 251 +++++++++++++++++++++++++++++++
- 1 file changed, 251 insertions(+)
-
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index 198f5c916..299aa7391 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -2143,3 +2143,254 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
-
- return EOK;
- }
-+
-+struct ad_check_domain_state {
-+ struct tevent_context *ev;
-+ struct be_ctx *be_ctx;
-+ struct sdap_id_op *sdap_op;
-+ struct ad_id_ctx *dom_id_ctx;
-+ struct sdap_options *opts;
-+
-+ const char *dom_name;
-+ struct sss_domain_info *dom;
-+ struct sss_domain_info *parent;
-+ struct sdap_domain *sdom;
-+
-+ char *flat;
-+ char *site;
-+ char *forest;
-+ char *sid;
-+};
-+
-+static void ad_check_domain_connect_done(struct tevent_req *subreq);
-+static void ad_check_domain_done(struct tevent_req *subreq);
-+
-+static int ad_check_domain_destructor(void *mem)
-+{
-+ struct ad_check_domain_state *state = talloc_get_type(mem,
-+ struct ad_check_domain_state);
-+
-+ if (state->sdom != NULL) {
-+ DEBUG(SSSDBG_TRACE_ALL, "Removing sdap domain [%s].\n",
-+ state->dom->name);
-+ sdap_domain_remove(state->opts, state->dom);
-+ /* terminate all requests for this subdomain so we can free it */
-+ dp_terminate_domain_requests(state->be_ctx->provider, state->dom->name);
-+ talloc_zfree(state->sdom);
-+ }
-+
-+ if (state->dom != NULL) {
-+ DEBUG(SSSDBG_TRACE_ALL, "Removing domain [%s].\n", state->dom->name);
-+ sss_domain_set_state(state->dom, DOM_DISABLED);
-+ DLIST_REMOVE(state->be_ctx->domain->subdomains, state->dom);
-+ talloc_zfree(state->dom);
-+ }
-+
-+ return 0;
-+}
-+
-+struct tevent_req *
-+ad_check_domain_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct be_ctx *be_ctx,
-+ struct ad_id_ctx *ad_id_ctx,
-+ const char *dom_name,
-+ const char *parent_dom_name)
-+{
-+ errno_t ret;
-+ struct tevent_req *req;
-+ struct tevent_req *subreq;
-+ struct ad_check_domain_state *state;
-+
-+ req = tevent_req_create(mem_ctx, &state, struct ad_check_domain_state);
-+ if (req == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
-+ return NULL;
-+ }
-+
-+ state->ev = ev;
-+ state->be_ctx = be_ctx;
-+ state->opts = ad_id_ctx->sdap_id_ctx->opts;
-+ state->dom_name = dom_name;
-+ state->parent = NULL;
-+ state->sdom = NULL;
-+
-+ state->dom = find_domain_by_name(be_ctx->domain, dom_name, true);
-+ if (state->dom == NULL) {
-+ state->parent = find_domain_by_name(be_ctx->domain, parent_dom_name,
-+ true);
-+ if (state->parent == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ "Failed to find domain object for domain [%s].\n",
-+ parent_dom_name);
-+ ret = ENOENT;
-+ goto immediately;
-+ }
-+
-+ state->dom = new_subdomain(state->parent, state->parent, dom_name,
-+ dom_name, NULL, NULL, MPG_DISABLED, false,
-+ state->parent->forest,
-+ NULL, 0, be_ctx->cdb, true);
-+ if (state->dom == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "new_subdomain() failed.\n");
-+ ret = EINVAL;
-+ goto immediately;
-+ }
-+
-+ talloc_set_destructor((TALLOC_CTX *) state, ad_check_domain_destructor);
-+
-+ DLIST_ADD_END(state->parent->subdomains, state->dom,
-+ struct sss_domain_info *);
-+
-+ ret = sdap_domain_add(state->opts, state->dom, &state->sdom);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sdap_domain_subdom_add failed.\n");
-+ goto immediately;
-+ }
-+
-+ ret = ad_set_search_bases(ad_id_ctx->ad_options->id, state->sdom);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_MINOR_FAILURE, "failed to set ldap search bases for "
-+ "domain '%s'. Will try to use automatically detected search "
-+ "bases.", state->sdom->dom->name);
-+ }
-+
-+ }
-+
-+ state->dom_id_ctx = ads_get_dom_id_ctx(be_ctx, ad_id_ctx, state->dom,
-+ state->opts);
-+ if (state->dom_id_ctx == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "ads_get_dom_id_ctx() failed.\n");
-+ ret = EINVAL;
-+ goto immediately;
-+ }
-+
-+ state->sdap_op = sdap_id_op_create(state,
-+ state->dom_id_ctx->sdap_id_ctx->conn->conn_cache);
-+ if (state->sdap_op == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create() failed\n");
-+ ret = ENOMEM;
-+ goto immediately;
-+ }
-+
-+ subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
-+ if (subreq == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_connect_send() failed "
-+ "[%d]: %s\n", ret, sss_strerror(ret));
-+ goto immediately;
-+ }
-+
-+ tevent_req_set_callback(subreq, ad_check_domain_connect_done, req);
-+
-+ return req;
-+
-+immediately:
-+ if (ret == EOK) {
-+ tevent_req_done(req);
-+ } else {
-+ tevent_req_error(req, ret);
-+ }
-+ tevent_req_post(req, ev);
-+
-+ return req;
-+}
-+
-+static void ad_check_domain_connect_done(struct tevent_req *subreq)
-+{
-+ struct tevent_req *req;
-+ struct ad_check_domain_state *state;
-+ int ret;
-+ int dp_error;
-+
-+ req = tevent_req_callback_data(subreq, struct tevent_req);
-+ state = tevent_req_data(req, struct ad_check_domain_state);
-+
-+ ret = sdap_id_op_connect_recv(subreq, &dp_error);
-+ talloc_zfree(subreq);
-+
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to connect to LDAP "
-+ "[%d]: %s\n", ret, sss_strerror(ret));
-+ if (dp_error == DP_ERR_OFFLINE) {
-+ DEBUG(SSSDBG_MINOR_FAILURE, "No AD server is available, "
-+ "cannot get the subdomain list while offline\n");
-+ ret = ERR_OFFLINE;
-+ }
-+ tevent_req_error(req, ret);
-+ return;
-+ }
-+
-+ subreq = ad_domain_info_send(state, state->ev,
-+ state->dom_id_ctx->sdap_id_ctx->conn,
-+ state->sdap_op, state->dom_name);
-+
-+ tevent_req_set_callback(subreq, ad_check_domain_done, req);
-+
-+ return;
-+}
-+
-+static void ad_check_domain_done(struct tevent_req *subreq)
-+{
-+ struct tevent_req *req;
-+ struct ad_check_domain_state *state;
-+ errno_t ret;
-+
-+
-+ req = tevent_req_callback_data(subreq, struct tevent_req);
-+ state = tevent_req_data(req, struct ad_check_domain_state);
-+
-+ ret = ad_domain_info_recv(subreq, state, &state->flat, &state->sid,
-+ &state->site, &state->forest);
-+ talloc_zfree(subreq);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "Unable to lookup domain information "
-+ "[%d]: %s\n", ret, sss_strerror(ret));
-+ goto done;
-+ }
-+ DEBUG(SSSDBG_TRACE_ALL, "%s %s %s %s.\n", state->flat, state->sid,
-+ state->site, state->forest);
-+
-+ /* New domain was successfully checked, remove destructor. */
-+ talloc_set_destructor(state, NULL);
-+
-+ ret = EOK;
-+
-+done:
-+ if (ret != EOK) {
-+ tevent_req_error(req, ret);
-+ return;
-+ }
-+
-+ tevent_req_done(req);
-+}
-+
-+errno_t ad_check_domain_recv(TALLOC_CTX *mem_ctx,
-+ struct tevent_req *req,
-+ char **_flat,
-+ char **_id,
-+ char **_site,
-+ char **_forest)
-+{
-+ struct ad_check_domain_state *state = tevent_req_data(req,
-+ struct ad_check_domain_state);
-+
-+ TEVENT_REQ_RETURN_ON_ERROR(req);
-+
-+ if (_flat) {
-+ *_flat = talloc_steal(mem_ctx, state->flat);
-+ }
-+
-+ if (_site) {
-+ *_site = talloc_steal(mem_ctx, state->site);
-+ }
-+
-+ if (_forest) {
-+ *_forest = talloc_steal(mem_ctx, state->forest);
-+ }
-+
-+ if (_id) {
-+ *_id = talloc_steal(mem_ctx, state->sid);
-+ }
-+
-+ return EOK;
-+}
---
-2.21.3
-
diff --git a/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch b/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
deleted file mode 100644
index d1c4eb9..0000000
--- a/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
+++ /dev/null
@@ -1,281 +0,0 @@
-From e25e1e9228a6108d8e94f2e99f3004e6cbfc3349 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 12 May 2020 16:55:32 +0200
-Subject: [PATCH 19/19] ad: check forest root directly if not present on local
- DC
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the information about the forest root domain cannot be read from the
-local domain-controller it is tried to read it from a DC of the forest
-root directly.
-
-Resolves: https://github.com/SSSD/sssd/issues/5151
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_subdomains.c | 184 +++++++++++++++++++++++++++----
- 1 file changed, 164 insertions(+), 20 deletions(-)
-
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index 299aa7391..7c6f51db7 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -35,6 +35,10 @@
- #include <ndr.h>
- #include <ndr/ndr_nbt.h>
-
-+/* Avoid that ldb_val is overwritten by data_blob.h */
-+#undef ldb_val
-+#include <ldb.h>
-+
- /* Attributes of AD trusted domains */
- #define AD_AT_FLATNAME "flatName"
- #define AD_AT_SID "securityIdentifier"
-@@ -1258,15 +1262,37 @@ ads_get_dom_id_ctx(struct be_ctx *be_ctx,
-
- struct ad_get_root_domain_state {
- struct ad_subdomains_ctx *sd_ctx;
-+ struct tevent_context *ev;
- struct be_ctx *be_ctx;
- struct sdap_idmap_ctx *idmap_ctx;
- struct sdap_options *opts;
-+ const char *domain;
-+ const char *forest;
-
-+ struct sysdb_attrs **reply;
-+ size_t reply_count;
- struct ad_id_ctx *root_id_ctx;
- struct sysdb_attrs *root_domain_attrs;
- };
-
- static void ad_get_root_domain_done(struct tevent_req *subreq);
-+static void ad_check_root_domain_done(struct tevent_req *subreq);
-+static errno_t
-+ad_get_root_domain_refresh(struct ad_get_root_domain_state *state);
-+
-+struct tevent_req *
-+ad_check_domain_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct be_ctx *be_ctx,
-+ struct ad_id_ctx *ad_id_ctx,
-+ const char *dom_name,
-+ const char *parent_dom_name);
-+errno_t ad_check_domain_recv(TALLOC_CTX *mem_ctx,
-+ struct tevent_req *req,
-+ char **_flat,
-+ char **_id,
-+ char **_site,
-+ char **_forest);
-
- static struct tevent_req *
- ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
-@@ -1305,6 +1331,9 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
- state->opts = opts = sd_ctx->sdap_id_ctx->opts;
- state->be_ctx = sd_ctx->be_ctx;
- state->idmap_ctx = opts->idmap_ctx;
-+ state->ev = ev;
-+ state->domain = domain;
-+ state->forest = forest;
-
- filter = talloc_asprintf(state, FOREST_ROOT_FILTER_FMT, forest);
- if (filter == NULL) {
-@@ -1340,17 +1369,14 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
- {
- struct tevent_req *req;
- struct ad_get_root_domain_state *state;
-- struct sysdb_attrs **reply;
-- struct sss_domain_info *root_domain;
-- size_t reply_count;
-- bool has_changes;
- errno_t ret;
-
- req = tevent_req_callback_data(subreq, struct tevent_req);
- state = tevent_req_data(req, struct ad_get_root_domain_state);
-
-- ret = sdap_search_bases_return_first_recv(subreq, state, &reply_count,
-- &reply);
-+ ret = sdap_search_bases_return_first_recv(subreq, state,
-+ &state->reply_count,
-+ &state->reply);
- talloc_zfree(subreq);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "Unable to lookup forest root information "
-@@ -1358,19 +1384,142 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
- goto done;
- }
-
-- if (reply_count == 0) {
-- DEBUG(SSSDBG_OP_FAILURE, "No information provided for root domain\n");
-- ret = ENOENT;
-- goto done;
-- } else if (reply_count > 1) {
-+ if (state->reply_count == 0) {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ "No information provided for root domain, trying directly.\n");
-+ subreq = ad_check_domain_send(state, state->ev, state->be_ctx,
-+ state->sd_ctx->ad_id_ctx, state->forest,
-+ state->domain);
-+ if (subreq == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "ad_check_domain_send() failed.\n");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ tevent_req_set_callback(subreq, ad_check_root_domain_done, req);
-+ return;
-+ } else if (state->reply_count > 1) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Multiple results for root domain search, "
- "domain list might be incomplete!\n");
- ret = ERR_MALFORMED_ENTRY;
- goto done;
- }
-
-+ ret = ad_get_root_domain_refresh(state);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
-+ }
-+
-+done:
-+ if (ret != EOK) {
-+ tevent_req_error(req, ret);
-+ return;
-+ }
-+
-+ tevent_req_done(req);
-+}
-+
-+static void ad_check_root_domain_done(struct tevent_req *subreq)
-+{
-+ struct tevent_req *req;
-+ struct ad_get_root_domain_state *state;
-+ errno_t ret;
-+ char *flat = NULL;
-+ char *id = NULL;
-+ enum idmap_error_code err;
-+ struct ldb_val id_val;
-+
-+ req = tevent_req_callback_data(subreq, struct tevent_req);
-+ state = tevent_req_data(req, struct ad_get_root_domain_state);
-+
-+ ret = ad_check_domain_recv(state, subreq, &flat, &id, NULL, NULL);
-+ talloc_zfree(subreq);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "Unable to check forest root information "
-+ "[%d]: %s\n", ret, sss_strerror(ret));
-+ goto done;
-+ }
-+
-+ if (flat == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "NetBIOS name of forest root not available.\n");
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
-+ if (id == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Domain SID of forest root not available.\n");
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
-+ state->reply = talloc_array(state, struct sysdb_attrs *, 1);
-+ if (state->reply == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "talloc_array() failed.\n");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ state->reply[0] = sysdb_new_attrs(state->reply);
-+ if (state->reply[0] == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs() failed.\n");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ ret = sysdb_attrs_add_string(state->reply[0], AD_AT_FLATNAME, flat);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
-+ goto done;
-+ }
-+
-+ ret = sysdb_attrs_add_string(state->reply[0], AD_AT_TRUST_PARTNER,
-+ state->forest);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
-+ goto done;
-+ }
-+
-+ err = sss_idmap_sid_to_bin_sid(state->idmap_ctx->map, id,
-+ &id_val.data, &id_val.length);
-+ if (err != IDMAP_SUCCESS) {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ "Could not convert SID: [%s].\n", idmap_error_string(err));
-+ ret = EFAULT;
-+ goto done;
-+ }
-+
-+ ret = sysdb_attrs_add_val(state->reply[0], AD_AT_SID, &id_val);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
-+ goto done;
-+ }
-+
-+ state->reply_count = 1;
-+
-+ ret = ad_get_root_domain_refresh(state);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
-+ }
-+
-+done:
-+ if (ret != EOK) {
-+ tevent_req_error(req, ret);
-+ return;
-+ }
-+
-+ tevent_req_done(req);
-+}
-+
-+static errno_t
-+ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
-+{
-+ struct sss_domain_info *root_domain;
-+ bool has_changes;
-+ errno_t ret;
-+
- ret = ad_subdomains_refresh(state->be_ctx, state->idmap_ctx, state->opts,
-- reply, reply_count, true,
-+ state->reply, state->reply_count, true,
- &state->sd_ctx->last_refreshed,
- &has_changes);
- if (ret != EOK) {
-@@ -1387,8 +1536,8 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
- }
- }
-
-- state->root_domain_attrs = reply[0];
-- root_domain = ads_get_root_domain(state->be_ctx, reply[0]);
-+ state->root_domain_attrs = state->reply[0];
-+ root_domain = ads_get_root_domain(state->be_ctx, state->reply[0]);
- if (root_domain == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Could not find the root domain\n");
- ret = EFAULT;
-@@ -1407,12 +1556,7 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
- ret = EOK;
-
- done:
-- if (ret != EOK) {
-- tevent_req_error(req, ret);
-- return;
-- }
--
-- tevent_req_done(req);
-+ return ret;
- }
-
- static errno_t ad_get_root_domain_recv(TALLOC_CTX *mem_ctx,
---
-2.21.3
-
diff --git a/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch b/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch
deleted file mode 100644
index 83826ef..0000000
--- a/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d8d743870c459b5ff283c89d78b70d1684bd19a9 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Wed, 13 May 2020 09:45:56 +0200
-Subject: [PATCH] man: Document invalid selinux context for homedirs
-
-The default value of fallback_homedir expands into path, that is not
-expected by selinux. Generally not only selinux might be affected by
-this default value. This PR documents the issue and recommends
-further steps.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5155
-
-Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
----
- src/man/include/ad_modified_defaults.xml | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
-index 91623d57a..65c9a0140 100644
---- a/src/man/include/ad_modified_defaults.xml
-+++ b/src/man/include/ad_modified_defaults.xml
-@@ -92,6 +92,18 @@
- this fallback behavior, you can explicitly
- set "fallback_homedir = %o".
- </para>
-+ <para>
-+ Note that the system typically expects a home directory
-+ in /home/%u folder. If you decide to use a different
-+ directory structure, some other parts of your system may
-+ need adjustments.
-+ </para>
-+ <para>
-+ For example automated creation of home directories in
-+ combination with selinux requires selinux adjustment,
-+ otherwise the home directory will be created with wrong
-+ selinux context.
-+ </para>
- </listitem>
- </itemizedlist>
- </refsect2>
---
-2.21.3
-
diff --git a/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch b/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
deleted file mode 100644
index dcfcf7e..0000000
--- a/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 26c794da31c215fef3e41429f6f13afdaf349bee Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 3 Jun 2020 20:35:04 +0200
-Subject: [PATCH 21/22] pam_sss: add SERVICE_IS_GDM_SMARTCARD
-
-Resolves: https://github.com/SSSD/sssd/issues/5190
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/sss_client/pam_sss.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
-index 69b440774..7e59f0487 100644
---- a/src/sss_client/pam_sss.c
-+++ b/src/sss_client/pam_sss.c
-@@ -71,6 +71,8 @@
- #define DEBUG_MGS_LEN 1024
- #define MAX_AUTHTOK_SIZE (1024*1024)
- #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
-+#define SERVICE_IS_GDM_SMARTCARD(pitem) (strcmp((pitem)->pam_service, \
-+ "gdm-smartcard") == 0)
-
- static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) {
- va_list ap;
-@@ -2580,7 +2582,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
- return PAM_AUTHINFO_UNAVAIL;
- }
-
-- if (strcmp(pi.pam_service, "gdm-smartcard") == 0
-+ if (SERVICE_IS_GDM_SMARTCARD(&pi)
- || (flags & PAM_CLI_FLAGS_REQUIRE_CERT_AUTH)) {
- ret = check_login_token_name(pamh, &pi, retries,
- quiet_mode);
---
-2.21.3
-
diff --git a/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch b/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch
deleted file mode 100644
index fd8d83d..0000000
--- a/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 3ed254765fc92e9cc9e4c35335818eaf1256e0d6 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 3 Jun 2020 20:36:54 +0200
-Subject: [PATCH 22/22] pam_sss: special handling for gdm-smartcard
-
-The gdm-smartcard service is special since it is triggered by the
-presence of a Smartcard and even in the case of an error it will
-immediately try again. To break this loop we should ask for an user
-input and asking for a PIN is most straight forward and would show the
-same behavior as pam_pkcs11.
-
-Additionally it does not make sense to fall back the a password prompt
-for gdm-smartcard so also here a PIN prompt should be shown.
-
-Resolves: https://github.com/SSSD/sssd/issues/5190
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/sss_client/pam_sss.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
-index 7e59f0487..093e53af5 100644
---- a/src/sss_client/pam_sss.c
-+++ b/src/sss_client/pam_sss.c
-@@ -1835,8 +1835,13 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi)
- struct pam_message m[2] = { { 0 }, { 0 } };
- struct pam_response *resp = NULL;
- struct cert_auth_info *cai = pi->selected_cert;
-+ struct cert_auth_info empty_cai = { NULL, NULL, discard_const("Smartcard"),
-+ NULL, NULL, NULL, NULL, NULL };
-
-- if (cai == NULL || cai->token_name == NULL || *cai->token_name == '\0') {
-+ if (cai == NULL && SERVICE_IS_GDM_SMARTCARD(pi)) {
-+ cai = &empty_cai;
-+ } else if (cai == NULL || cai->token_name == NULL
-+ || *cai->token_name == '\0') {
- return PAM_SYSTEM_ERR;
- }
-
-@@ -2188,6 +2193,9 @@ static int get_authtok_for_authentication(pam_handle_t *pamh,
- }
- }
- ret = prompt_sc_pin(pamh, pi);
-+ } else if (SERVICE_IS_GDM_SMARTCARD(pi)) {
-+ /* Use pin prompt as fallback for gdm-smartcard */
-+ ret = prompt_sc_pin(pamh, pi);
- } else {
- ret = prompt_password(pamh, pi, _("Password: "));
- }
-@@ -2496,7 +2504,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
- {
- int ret;
- int pam_status;
-- struct pam_items pi;
-+ struct pam_items pi = { 0 };
- uint32_t flags = 0;
- const int *exp_data;
- int *pw_exp_data;
-@@ -2570,7 +2578,8 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
- /*
- * Since we are only interested in the result message
- * and will always use password authentication
-- * as a fallback, errors can be ignored here.
-+ * as a fallback (except for gdm-smartcard),
-+ * errors can be ignored here.
- */
- }
- }
-@@ -2588,7 +2597,6 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
- quiet_mode);
- if (ret != PAM_SUCCESS) {
- D(("check_login_token_name failed.\n"));
-- return ret;
- }
- }
-
---
-2.21.3
-
diff --git a/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch b/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
deleted file mode 100644
index 0f0b0ba..0000000
--- a/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 31e57432537b9d248839159d83cfa9049faf192b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 19 Jun 2020 13:32:30 +0200
-Subject: [PATCH] pam_sss: make sure old certificate data is removed before
- retry
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-To avoid that certificates will be shown in the certificate selection
-which are not available anymore they must be remove before a new request
-to look up the certificates is send to SSSD's PAM responder.
-
-Resolves: https://github.com/SSSD/sssd/issues/5190
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/sss_client/pam_sss.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
-index e3ad2c9b2..6a3ba2f50 100644
---- a/src/sss_client/pam_sss.c
-+++ b/src/sss_client/pam_sss.c
-@@ -2467,6 +2467,8 @@ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
- && strcmp(login_token_name,
- pi->cert_list->token_name) != 0)) {
-
-+ free_cert_list(pi->cert_list);
-+ pi->cert_list = NULL;
- if (retries < 0) {
- ret = PAM_AUTHINFO_UNAVAIL;
- goto done;
---
-2.21.3
-
diff --git a/SOURCES/0024-systemtap-Missing-a-comma.patch b/SOURCES/0024-systemtap-Missing-a-comma.patch
deleted file mode 100644
index b747c2a..0000000
--- a/SOURCES/0024-systemtap-Missing-a-comma.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 66029529fa0f0e2d16999f22294822deeec5f60b Mon Sep 17 00:00:00 2001
-From: Alejandro Visiedo <avisiedo@redhat.com>
-Date: Thu, 11 Jun 2020 00:36:04 +0200
-Subject: [PATCH] systemtap: Missing a comma
-
-sssd_functions.stp was missing a comma.
-
-Thanks to William Cohen for reporting the issue and the patch to fix it.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1840194
-
-Resolves: https://github.com/SSSD/sssd/issues/5201
-
-Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
----
- src/systemtap/sssd_functions.stp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/systemtap/sssd_functions.stp b/src/systemtap/sssd_functions.stp
-index 1eb140ccf..01f553177 100644
---- a/src/systemtap/sssd_functions.stp
-+++ b/src/systemtap/sssd_functions.stp
-@@ -7,7 +7,7 @@ global TARGET_ID=0, TARGET_AUTH=1, TARGET_ACCESS=2, TARGET_CHPASS=3,
- global METHOD_CHECK_ONLINE=0, METHOD_ACCOUNT_HANDLER=1, METHOD_AUTH_HANDLER=2,
- METHOD_ACCESS_HANDLER=3, METHOD_SELINUX_HANDLER=4, METHOD_SUDO_HANDLER=5,
- METHOD_AUTOFS_HANDLER=6, METHOD_HOSTID_HANDLER=7, METHOD_DOMAINS_HANDLER=8,
-- METHOD_RESOLVER_HANDLER=9 METHOD_SENTINEL=10
-+ METHOD_RESOLVER_HANDLER=9, METHOD_SENTINEL=10
-
- function acct_req_desc(entry_type)
- {
---
-2.21.3
-
diff --git a/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch b/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
deleted file mode 100644
index 2b71ccd..0000000
--- a/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From ffb9ad1331ac5f5d9bf237666aff19f1def77871 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Fri, 26 Jun 2020 12:07:48 +0200
-Subject: [PATCH] proxy: use 'x' as default pwfield only for sssd-shadowutils
- target
-
-To avoid regression for case where files is used for proxy but authentication
-is handled by other module then pam_unix. E.g. auth_provider = krb
-
-This provides different solution to the ticket and improves the documentation.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5129
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/confdb/confdb.c | 25 ++++++++++++++++++++-----
- src/man/sssd.conf.5.xml | 12 +++++++++---
- 2 files changed, 29 insertions(+), 8 deletions(-)
-
-diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
-index 65ad18dcf..c2daa9a2c 100644
---- a/src/confdb/confdb.c
-+++ b/src/confdb/confdb.c
-@@ -872,7 +872,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
- struct sss_domain_info *domain;
- struct ldb_result *res;
- TALLOC_CTX *tmp_ctx;
-- const char *tmp;
-+ const char *tmp, *tmp_pam_target, *tmp_auth;
- int ret, val;
- uint32_t entry_cache_timeout;
- char *default_domain;
-@@ -1030,13 +1030,28 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
- }
-
- if (domain->provider != NULL && strcasecmp(domain->provider, "proxy") == 0) {
-- /* The password field must be reported as 'x' for proxy provider
-- * using files library, else pam_unix won't
-- * authenticate this entry. */
-+ /* The password field must be reported as 'x' for proxy provider
-+ * using files library, else pam_unix won't authenticate this entry.
-+ * We set this only for sssd-shadowutils target which can be used
-+ * to authenticate with pam_unix only. Otherwise we let administrator
-+ * to overwrite default * value with pwfield option to avoid regression
-+ * on more common use case where remote authentication is required. */
- tmp = ldb_msg_find_attr_as_string(res->msgs[0],
- CONFDB_PROXY_LIBNAME,
- NULL);
-- if (tmp != NULL && strcasecmp(tmp, "files") == 0) {
-+
-+ tmp_auth = ldb_msg_find_attr_as_string(res->msgs[0],
-+ CONFDB_DOMAIN_AUTH_PROVIDER,
-+ NULL);
-+
-+ tmp_pam_target = ldb_msg_find_attr_as_string(res->msgs[0],
-+ CONFDB_PROXY_PAM_TARGET,
-+ NULL);
-+
-+ if (tmp != NULL && tmp_pam_target != NULL
-+ && strcasecmp(tmp, "files") == 0
-+ && (tmp_auth == NULL || strcasecmp(tmp_auth, "proxy") == 0)
-+ && strcmp(tmp_pam_target, "sssd-shadowutils") == 0) {
- domain->pwfield = "x";
- }
- }
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index cae24bb63..44b3b8f20 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1135,11 +1135,17 @@ fallback_homedir = /home/%u
- <quote>password</quote> field.
- </para>
- <para>
-- This option can also be set per-domain.
-+ Default: <quote>*</quote>
- </para>
- <para>
-- Default: <quote>*</quote> (remote domains)
-- or <quote>x</quote> (the files domain)
-+ Note: This option can also be set per-domain which
-+ overwrites the value in [nss] section.
-+ </para>
-+ <para>
-+ Default: <quote>not set</quote> (remote domains),
-+ <quote>x</quote> (the files domain),
-+ <quote>x</quote> (proxy domain with nss_files
-+ and sssd-shadowutils target)
- </para>
- </listitem>
- </varlistentry>
---
-2.21.3
-
diff --git a/SOURCES/0026-files-allow-root-membership.patch b/SOURCES/0026-files-allow-root-membership.patch
deleted file mode 100644
index 9356e0b..0000000
--- a/SOURCES/0026-files-allow-root-membership.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-From 8969c43dc2d8d0800c2f0b509d078378db855622 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 23 Jun 2020 12:05:08 +0200
-Subject: [PATCH] files: allow root membership
-
-There are two use cases that do not work with files provider:
-
-1. User has primary GID 0:
-
-This is fine by itself since SSSD does not store this user in cache and it is
-handled only by `nss_files` so the user (`tuser`) is returned correctly. The
-problem is when you try to resolve group that the user is member of. In this
-case that the membership is missing the group (but only if the user was
-previously resolved and thus stored in negative cache).
-
-```
-tuser:x:1001:0::/home/tuser:/bin/bash
-tuser:x:1001:tuser
-
-// tuser@files is ghost member of the group so it is returned because it is not in negative cache
-$ getent group tuser
-tuser:x:1001:tuser
-
-// expire memcache
-// tuser@files is ghost member but not returned because it is in negative cache
-$ id tuser // returned from nss_files
-uid=1001(tuser) gid=0(root) groups=0(root),1001(tuser)
-[pbrezina /dev/shm/sssd]$ getent group tuser
-tuser:x:1001:
-```
-
-**2. root is member of other group**
-
-The root member is missing from the membership since it was filtered out by
-negative cache.
-
-```
-tuser:x:1001:root
-
-$ id root
-uid=0(root) gid=0(root) groups=0(root),1001(tuser)
-[pbrezina /dev/shm/sssd]$ getent group tuser
-tuser:x:1001:
-```
-
-In files provider, only the users that we do not want to managed are stored
-as ghost member, therefore we can let nss_files handle group that has ghost
-members.
-
-Tests are changed as well to work with this behavior. Users are added when
-required and ghost are expected to return ENOENT.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5170
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nss_protocol_grent.c | 18 +++++++
- src/tests/intg/files_ops.py | 13 +++++
- src/tests/intg/test_files_provider.py | 73 ++++++++++++++++----------
- 3 files changed, 77 insertions(+), 27 deletions(-)
-
-diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
-index 9c443d0e7..6d8e71083 100644
---- a/src/responder/nss/nss_protocol_grent.c
-+++ b/src/responder/nss/nss_protocol_grent.c
-@@ -141,6 +141,24 @@ nss_protocol_fill_members(struct sss_packet *packet,
- members[0] = nss_get_group_members(domain, msg);
- members[1] = nss_get_group_ghosts(domain, msg, group_name);
-
-+ if (is_files_provider(domain) && members[1] != NULL) {
-+ /* If there is a ghost member in files provider it means that we
-+ * did not store the user on purpose (e.g. it has uid or gid 0).
-+ * Therefore nss_files does handle the user and therefore we
-+ * must let nss_files to also handle this group in order to
-+ * provide correct membership. */
-+ DEBUG(SSSDBG_TRACE_FUNC,
-+ "Unknown members found. nss_files will handle it.\n");
-+
-+ ret = sss_ncache_set_group(rctx->ncache, false, domain, group_name);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sss_ncache_set_group failed.\n");
-+ }
-+
-+ ret = ENOENT;
-+ goto done;
-+ }
-+
- sss_packet_get_body(packet, &body, &body_len);
-
- num_members = 0;
-diff --git a/src/tests/intg/files_ops.py b/src/tests/intg/files_ops.py
-index c1c4465e7..57959f501 100644
---- a/src/tests/intg/files_ops.py
-+++ b/src/tests/intg/files_ops.py
-@@ -103,6 +103,13 @@ class FilesOps(object):
-
- contents = self._read_contents()
-
-+ def _has_line(self, key):
-+ try:
-+ self._get_named_line(key, self._read_contents())
-+ return True
-+ except KeyError:
-+ return False
-+
-
- class PasswdOps(FilesOps):
- """
-@@ -132,6 +139,9 @@ class PasswdOps(FilesOps):
- def userdel(self, name):
- self._del_line(name)
-
-+ def userexist(self, name):
-+ return self._has_line(name)
-+
-
- class GroupOps(FilesOps):
- """
-@@ -158,3 +168,6 @@ class GroupOps(FilesOps):
-
- def groupdel(self, name):
- self._del_line(name)
-+
-+ def groupexist(self, name):
-+ return self._has_line(name)
-diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
-index 023333020..90be198c3 100644
---- a/src/tests/intg/test_files_provider.py
-+++ b/src/tests/intg/test_files_provider.py
-@@ -60,11 +60,13 @@ OV_USER1 = dict(name='ov_user1', passwd='x', uid=10010, gid=20010,
- dir='/home/ov/user1',
- shell='/bin/ov_user1_shell')
-
--ALT_USER1 = dict(name='altuser1', passwd='x', uid=60001, gid=70001,
-+ALT_USER1 = dict(name='alt_user1', passwd='x', uid=60001, gid=70001,
- gecos='User for tests from alt files',
- dir='/home/altuser1',
- shell='/bin/bash')
-
-+ALL_USERS = [CANARY, USER1, USER2, OV_USER1, ALT_USER1]
-+
- CANARY_GR = dict(name='canary',
- gid=300001,
- mem=[])
-@@ -365,21 +367,34 @@ def setup_pw_with_canary(passwd_ops_setup):
- return setup_pw_with_list(passwd_ops_setup, [CANARY])
-
-
--def setup_gr_with_list(grp_ops, group_list):
-+def add_group_members(pwd_ops, group):
-+ members = {x['name']: x for x in ALL_USERS}
-+ for member in group['mem']:
-+ if pwd_ops.userexist(member):
-+ continue
-+
-+ pwd_ops.useradd(**members[member])
-+
-+
-+def setup_gr_with_list(pwd_ops, grp_ops, group_list):
- for group in group_list:
-+ add_group_members(pwd_ops, group)
- grp_ops.groupadd(**group)
-+
- ent.assert_group_by_name(CANARY_GR['name'], CANARY_GR)
- return grp_ops
-
-
- @pytest.fixture
--def add_group_with_canary(group_ops_setup):
-- return setup_gr_with_list(group_ops_setup, [GROUP1, CANARY_GR])
-+def add_group_with_canary(passwd_ops_setup, group_ops_setup):
-+ return setup_gr_with_list(
-+ passwd_ops_setup, group_ops_setup, [GROUP1, CANARY_GR]
-+ )
-
-
- @pytest.fixture
--def setup_gr_with_canary(group_ops_setup):
-- return setup_gr_with_list(group_ops_setup, [CANARY_GR])
-+def setup_gr_with_canary(passwd_ops_setup, group_ops_setup):
-+ return setup_gr_with_list(passwd_ops_setup, group_ops_setup, [CANARY_GR])
-
-
- def poll_canary(fn, name, threshold=20):
-@@ -766,7 +781,9 @@ def test_gid_zero_does_not_resolve(files_domain_only):
- assert res == NssReturnCode.NOTFOUND
-
-
--def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
-+def test_add_remove_add_file_group(
-+ setup_pw_with_canary, setup_gr_with_canary, files_domain_only
-+):
- """
- Test that removing a group is detected and the group
- is removed from the sssd database. Similarly, an add
-@@ -776,6 +793,7 @@ def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
- res, group = call_sssd_getgrnam(GROUP1["name"])
- assert res == NssReturnCode.NOTFOUND
-
-+ add_group_members(setup_pw_with_canary, GROUP1)
- setup_gr_with_canary.groupadd(**GROUP1)
- check_group(GROUP1)
-
-@@ -817,8 +835,10 @@ def test_mod_group_gid(add_group_with_canary, files_domain_only):
-
-
- @pytest.fixture
--def add_group_nomem_with_canary(group_ops_setup):
-- return setup_gr_with_list(group_ops_setup, [GROUP_NOMEM, CANARY_GR])
-+def add_group_nomem_with_canary(passwd_ops_setup, group_ops_setup):
-+ return setup_gr_with_list(
-+ passwd_ops_setup, group_ops_setup, [GROUP_NOMEM, CANARY_GR]
-+ )
-
-
- def test_getgrnam_no_members(add_group_nomem_with_canary, files_domain_only):
-@@ -911,16 +931,19 @@ def test_getgrnam_ghost(setup_pw_with_canary,
- setup_gr_with_canary,
- files_domain_only):
- """
-- Test that a group with members while the members are not present
-- are added as ghosts. This is also what nss_files does, getgrnam would
-- return group members that do not exist as well.
-+ Test that group if not found (and will be handled by nss_files) if there
-+ are any ghost members.
- """
- user_and_group_setup(setup_pw_with_canary,
- setup_gr_with_canary,
- [],
- [GROUP12],
- False)
-- check_group(GROUP12)
-+
-+ time.sleep(1)
-+ res, group = call_sssd_getgrnam(GROUP12["name"])
-+ assert res == NssReturnCode.NOTFOUND
-+
- for member in GROUP12['mem']:
- res, _ = call_sssd_getpwnam(member)
- assert res == NssReturnCode.NOTFOUND
-@@ -932,7 +955,10 @@ def ghost_and_member_test(pw_ops, grp_ops, reverse):
- [USER1],
- [GROUP12],
- reverse)
-- check_group(GROUP12)
-+
-+ time.sleep(1)
-+ res, group = call_sssd_getgrnam(GROUP12["name"])
-+ assert res == NssReturnCode.NOTFOUND
-
- # We checked that the group added has the same members as group12,
- # so both user1 and user2. Now check that user1 is a member of
-@@ -1027,28 +1053,21 @@ def test_getgrnam_add_remove_ghosts(setup_pw_with_canary,
- modgroup = dict(GROUP_NOMEM)
- modgroup['mem'] = ['user1', 'user2']
- add_group_nomem_with_canary.groupmod(old_name=modgroup['name'], **modgroup)
-- check_group(modgroup)
-+ time.sleep(1)
-+ res, group = call_sssd_getgrnam(modgroup['name'])
-+ assert res == sssd_id.NssReturnCode.NOTFOUND
-
- modgroup['mem'] = ['user2']
- add_group_nomem_with_canary.groupmod(old_name=modgroup['name'], **modgroup)
-- check_group(modgroup)
-+ time.sleep(1)
-+ res, group = call_sssd_getgrnam(modgroup['name'])
-+ assert res == sssd_id.NssReturnCode.NOTFOUND
-
- res, _ = call_sssd_getpwnam('user1')
- assert res == NssReturnCode.NOTFOUND
- res, _ = call_sssd_getpwnam('user2')
- assert res == NssReturnCode.NOTFOUND
-
-- # Add this user and verify it's been added as a member
-- pwd_ops.useradd(**USER2)
-- # The negative cache might still have user2 from the previous request,
-- # flushing the caches might help to prevent a failed lookup after adding
-- # the user.
-- subprocess.call(["sss_cache", "-E"])
-- res, groups = sssd_id_sync('user2')
-- assert res == sssd_id.NssReturnCode.SUCCESS
-- assert len(groups) == 2
-- assert 'group_nomem' in groups
--
-
- def realloc_users(pwd_ops, num):
- # Intentionally not including the last one because
---
-2.21.3
-
diff --git a/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch b/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
deleted file mode 100644
index 1c4f461..0000000
--- a/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 100839b64390d7010bfa28552fd9381ef4366496 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 26 Jun 2020 09:48:17 +0200
-Subject: [PATCH] PAM: do not treat error for cache-only lookups as fatal
-
-The original fatal error came from a time where at this place in the
-code the response form the backend was checked and an error was clearly
-fatal.
-
-Now we only check if the entry is in the cache and valid. An error would
-mean that the backend is called to lookup or refresh the entry. So the
-backend can change the state of the cache and make upcoming cache
-lookups successful. So it makes sense to not only call the backend if
-ENOENT is returned but for all kind of errors.
-
-Resolves https://pagure.io/SSSD/sssd/issue/4098
-
-Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
----
- src/responder/pam/pamsrv_cmd.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
-index 1cd901f15..666131cb7 100644
---- a/src/responder/pam/pamsrv_cmd.c
-+++ b/src/responder/pam/pamsrv_cmd.c
-@@ -1941,10 +1941,8 @@ static void pam_check_user_search_next(struct tevent_req *req)
- ret = cache_req_single_domain_recv(preq, req, &result);
- talloc_zfree(req);
- if (ret != EOK && ret != ENOENT) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Fatal error, killing connection!\n");
-- talloc_zfree(preq->cctx);
-- return;
-+ DEBUG(SSSDBG_OP_FAILURE, "Cache lookup failed, trying to get fresh "
-+ "data from the backened.\n");
- }
-
- DEBUG(SSSDBG_TRACE_ALL, "PAM initgroups scheme [%s].\n",
---
-2.21.3
-
diff --git a/SOURCES/0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch b/SOURCES/0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch
deleted file mode 100644
index fe893fb..0000000
--- a/SOURCES/0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-From 2d90e642078c15f001b34a0a50a67fa6eac9a3b9 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 3 Mar 2020 18:44:11 +0100
-Subject: [PATCH 28/35] mem-cache: sizes of free and data tables were made
- consistent
-
-Since size of "free table" didn't account for SSS_AVG_*_PAYLOAD factor
-only small fraction of "data table" was actually used.
-SSS_AVG_*_PAYLOAD differentiation for different payload types only
-affected size of hash table and was removed as unjustified.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5115
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nsssrv.c | 22 +++++++++++-------
- src/responder/nss/nsssrv_mmap_cache.c | 33 +++++++--------------------
- src/responder/nss/nsssrv_mmap_cache.h | 2 --
- src/util/mmap_cache.h | 3 ---
- 4 files changed, 22 insertions(+), 38 deletions(-)
-
-diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
-index 87300058f..21d93ae77 100644
---- a/src/responder/nss/nsssrv.c
-+++ b/src/responder/nss/nsssrv.c
-@@ -83,10 +83,9 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
- return ret;
- }
-
-- /* TODO: read cache sizes from configuration */
- DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n");
- ret = sss_mmap_cache_reinit(nctx, nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_CACHE_ELEMENTS,
-+ -1, /* keep current size */
- (time_t) memcache_timeout,
- &nctx->pwd_mc_ctx);
- if (ret != EOK) {
-@@ -96,7 +95,7 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
- }
-
- ret = sss_mmap_cache_reinit(nctx, nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_CACHE_ELEMENTS,
-+ -1, /* keep current size */
- (time_t) memcache_timeout,
- &nctx->grp_mc_ctx);
- if (ret != EOK) {
-@@ -106,7 +105,7 @@ nss_clear_memcache(TALLOC_CTX *mem_ctx,
- }
-
- ret = sss_mmap_cache_reinit(nctx, nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_CACHE_ELEMENTS,
-+ -1, /* keep current size */
- (time_t)memcache_timeout,
- &nctx->initgr_mc_ctx);
- if (ret != EOK) {
-@@ -210,6 +209,11 @@ done:
-
- static int setup_memcaches(struct nss_ctx *nctx)
- {
-+ /* TODO: read cache sizes from configuration */
-+ static const size_t SSS_MC_CACHE_PASSWD_SLOTS = 200000; /* 8mb */
-+ static const size_t SSS_MC_CACHE_GROUP_SLOTS = 150000; /* 6mb */
-+ static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000; /* 10mb */
-+
- int ret;
- int memcache_timeout;
-
-@@ -239,11 +243,11 @@ static int setup_memcaches(struct nss_ctx *nctx)
- return EOK;
- }
-
-- /* TODO: read cache sizes from configuration */
- ret = sss_mmap_cache_init(nctx, "passwd",
- nctx->mc_uid, nctx->mc_gid,
- SSS_MC_PASSWD,
-- SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
-+ SSS_MC_CACHE_PASSWD_SLOTS,
-+ (time_t)memcache_timeout,
- &nctx->pwd_mc_ctx);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
-@@ -252,7 +256,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = sss_mmap_cache_init(nctx, "group",
- nctx->mc_uid, nctx->mc_gid,
- SSS_MC_GROUP,
-- SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
-+ SSS_MC_CACHE_GROUP_SLOTS,
-+ (time_t)memcache_timeout,
- &nctx->grp_mc_ctx);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
-@@ -261,7 +266,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = sss_mmap_cache_init(nctx, "initgroups",
- nctx->mc_uid, nctx->mc_gid,
- SSS_MC_INITGROUPS,
-- SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
-+ SSS_MC_CACHE_INITGROUP_SLOTS,
-+ (time_t)memcache_timeout,
- &nctx->initgr_mc_ctx);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
-diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
-index 69e767690..5e23bbe6f 100644
---- a/src/responder/nss/nsssrv_mmap_cache.c
-+++ b/src/responder/nss/nsssrv_mmap_cache.c
-@@ -28,13 +28,6 @@
- #include "responder/nss/nss_private.h"
- #include "responder/nss/nsssrv_mmap_cache.h"
-
--/* arbitrary (avg of my /etc/passwd) */
--#define SSS_AVG_PASSWD_PAYLOAD (MC_SLOT_SIZE * 4)
--/* short group name and no gids (private user group */
--#define SSS_AVG_GROUP_PAYLOAD (MC_SLOT_SIZE * 3)
--/* average place for 40 supplementary groups + 2 names */
--#define SSS_AVG_INITGROUP_PAYLOAD (MC_SLOT_SIZE * 5)
--
- #define MC_NEXT_BARRIER(val) ((((val) + 1) & 0x00ffffff) | 0xf0000000)
-
- #define MC_RAISE_BARRIER(m) do { \
-@@ -1251,24 +1244,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
- enum sss_mc_type type, size_t n_elem,
- time_t timeout, struct sss_mc_ctx **mcc)
- {
-+ /* sss_mc_header alone occupies whole slot,
-+ * so each entry takes 2 slots at the very least
-+ */
-+ static const int PAYLOAD_FACTOR = 2;
-+
- struct sss_mc_ctx *mc_ctx = NULL;
-- int payload;
- int ret, dret;
-
-- switch (type) {
-- case SSS_MC_PASSWD:
-- payload = SSS_AVG_PASSWD_PAYLOAD;
-- break;
-- case SSS_MC_GROUP:
-- payload = SSS_AVG_GROUP_PAYLOAD;
-- break;
-- case SSS_MC_INITGROUPS:
-- payload = SSS_AVG_INITGROUP_PAYLOAD;
-- break;
-- default:
-- return EINVAL;
-- }
--
- mc_ctx = talloc_zero(mem_ctx, struct sss_mc_ctx);
- if (!mc_ctx) {
- return ENOMEM;
-@@ -1303,9 +1286,9 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
-
- /* hash table is double the size because it will store both forward and
- * reverse keys (name/uid, name/gid, ..) */
-- mc_ctx->ht_size = MC_HT_SIZE(n_elem * 2);
-- mc_ctx->dt_size = MC_DT_SIZE(n_elem, payload);
-- mc_ctx->ft_size = MC_FT_SIZE(n_elem);
-+ mc_ctx->ht_size = MC_HT_SIZE(2 * n_elem / PAYLOAD_FACTOR);
-+ mc_ctx->dt_size = n_elem * MC_SLOT_SIZE;
-+ mc_ctx->ft_size = n_elem / 8; /* 1 bit per slot */
- mc_ctx->mmap_size = MC_HEADER_SIZE +
- MC_ALIGN64(mc_ctx->dt_size) +
- MC_ALIGN64(mc_ctx->ft_size) +
-diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h
-index e06257949..c40af2fb4 100644
---- a/src/responder/nss/nsssrv_mmap_cache.h
-+++ b/src/responder/nss/nsssrv_mmap_cache.h
-@@ -22,8 +22,6 @@
- #ifndef _NSSSRV_MMAP_CACHE_H_
- #define _NSSSRV_MMAP_CACHE_H_
-
--#define SSS_MC_CACHE_ELEMENTS 50000
--
- struct sss_mc_ctx;
-
- enum sss_mc_type {
-diff --git a/src/util/mmap_cache.h b/src/util/mmap_cache.h
-index 63e096027..d3d92bc98 100644
---- a/src/util/mmap_cache.h
-+++ b/src/util/mmap_cache.h
-@@ -40,9 +40,6 @@ typedef uint32_t rel_ptr_t;
-
- #define MC_HT_SIZE(elems) ( (elems) * MC_32 )
- #define MC_HT_ELEMS(size) ( (size) / MC_32 )
--#define MC_DT_SIZE(elems, payload) ( (elems) * (payload) )
--#define MC_FT_SIZE(elems) ( (elems) / 8 )
--/* ^^ 8 bits per byte so we need just elems/8 bytes to represent all blocks */
-
- #define MC_PTR_ADD(ptr, bytes) (void *)((uint8_t *)(ptr) + (bytes))
- #define MC_PTR_DIFF(ptr, base) ((uint8_t *)(ptr) - (uint8_t *)(base))
---
-2.21.3
-
diff --git a/SOURCES/0029-NSS-make-memcache-size-configurable.patch b/SOURCES/0029-NSS-make-memcache-size-configurable.patch
deleted file mode 100644
index f69db08..0000000
--- a/SOURCES/0029-NSS-make-memcache-size-configurable.patch
+++ /dev/null
@@ -1,543 +0,0 @@
-From 80e7163b7bf512a45e2fa31494f3bdff9e9e2dce Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
-Date: Wed, 4 Mar 2020 16:26:18 +0100
-Subject: [PATCH 29/35] NSS: make memcache size configurable
-
-Added options to configure memcache size:
-memcache_size_passwd
-memcache_size_group
-memcache_size_initgroups
-
-Related:
-https://github.com/SSSD/sssd/issues/4578
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/confdb/confdb.h | 3 +
- src/config/SSSDConfig/sssdoptions.py | 3 +
- src/config/cfg_rules.ini | 3 +
- src/man/sssd.conf.5.xml | 78 +++++++++
- src/responder/nss/nsssrv.c | 104 ++++++++----
- src/tests/intg/test_memory_cache.py | 236 +++++++++++++++++++++++++++
- 6 files changed, 398 insertions(+), 29 deletions(-)
-
-diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
-index a5d35fd70..c96896da5 100644
---- a/src/confdb/confdb.h
-+++ b/src/confdb/confdb.h
-@@ -115,6 +115,9 @@
- #define CONFDB_NSS_SHELL_FALLBACK "shell_fallback"
- #define CONFDB_NSS_DEFAULT_SHELL "default_shell"
- #define CONFDB_MEMCACHE_TIMEOUT "memcache_timeout"
-+#define CONFDB_NSS_MEMCACHE_SIZE_PASSWD "memcache_size_passwd"
-+#define CONFDB_NSS_MEMCACHE_SIZE_GROUP "memcache_size_group"
-+#define CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS "memcache_size_initgroups"
- #define CONFDB_NSS_HOMEDIR_SUBSTRING "homedir_substring"
- #define CONFDB_DEFAULT_HOMEDIR_SUBSTRING "/home"
-
-diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
-index 9c071f70a..16d85cfa3 100644
---- a/src/config/SSSDConfig/sssdoptions.py
-+++ b/src/config/SSSDConfig/sssdoptions.py
-@@ -72,6 +72,9 @@ class SSSDOptions(object):
- 'shell_fallback': _('If a shell stored in central directory is allowed but not available, use this fallback'),
- 'default_shell': _('Shell to use if the provider does not list one'),
- 'memcache_timeout': _('How long will be in-memory cache records valid'),
-+ 'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'),
-+ 'memcache_size_group': _('Number of slots in fast in-memory cache for group requests'),
-+ 'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'),
- 'homedir_substring': _('The value of this option will be used in the expansion of the override_homedir option '
- 'if the template contains the format string %H.'),
- 'get_domains_timeout': _('Specifies time in seconds for which the list of subdomains will be considered '
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index 1a7e2c5cd..2874ea048 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -92,6 +92,9 @@ option = shell_fallback
- option = default_shell
- option = get_domains_timeout
- option = memcache_timeout
-+option = memcache_size_passwd
-+option = memcache_size_group
-+option = memcache_size_initgroups
-
- [rule/allowed_pam_options]
- validator = ini_allowed_options
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index 9a9679a4b..9bc2e26e5 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1100,6 +1100,84 @@ fallback_homedir = /home/%u
- </para>
- </listitem>
- </varlistentry>
-+ <varlistentry>
-+ <term>memcache_size_passwd (integer)</term>
-+ <listitem>
-+ <para>
-+ Number of slots allocated inside fast in-memory
-+ cache for passwd requests. Note that one entry
-+ in fast in-memory cache can occupy more than one slot.
-+ Setting the size to 0 will disable the passwd in-memory
-+ cache.
-+ </para>
-+ <para>
-+ Default: 200000
-+ </para>
-+ <para>
-+ WARNING: Disabled or too small in-memory cache can
-+ have significant negative impact on SSSD's
-+ performance.
-+ </para>
-+ <para>
-+ NOTE: If the environment variable
-+ SSS_NSS_USE_MEMCACHE is set to "NO", client
-+ applications will not use the fast in-memory
-+ cache.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
-+ <term>memcache_size_group (integer)</term>
-+ <listitem>
-+ <para>
-+ Number of slots allocated inside fast in-memory
-+ cache for group requests. Note that one entry
-+ in fast in-memory cache can occupy more than one
-+ slot. Setting the size to 0 will disable the group
-+ in-memory cache.
-+ </para>
-+ <para>
-+ Default: 150000
-+ </para>
-+ <para>
-+ WARNING: Disabled or too small in-memory cache can
-+ have significant negative impact on SSSD's
-+ performance.
-+ </para>
-+ <para>
-+ NOTE: If the environment variable
-+ SSS_NSS_USE_MEMCACHE is set to "NO", client
-+ applications will not use the fast in-memory
-+ cache.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
-+ <term>memcache_size_initgroups (integer)</term>
-+ <listitem>
-+ <para>
-+ Number of slots allocated inside fast in-memory
-+ cache for initgroups requests. Note that one entry
-+ in fast in-memory cache can occupy more than one
-+ slot. Setting the size to 0 will disable the
-+ initgroups in-memory cache.
-+ </para>
-+ <para>
-+ Default: 250000
-+ </para>
-+ <para>
-+ WARNING: Disabled or too small in-memory cache can
-+ have significant negative impact on SSSD's
-+ performance.
-+ </para>
-+ <para>
-+ NOTE: If the environment variable
-+ SSS_NSS_USE_MEMCACHE is set to "NO", client
-+ applications will not use the fast in-memory
-+ cache.
-+ </para>
-+ </listitem>
-+ </varlistentry>
- <varlistentry>
- <term>user_attributes (string)</term>
- <listitem>
-diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
-index 21d93ae77..0a201d3ae 100644
---- a/src/responder/nss/nsssrv.c
-+++ b/src/responder/nss/nsssrv.c
-@@ -209,13 +209,16 @@ done:
-
- static int setup_memcaches(struct nss_ctx *nctx)
- {
-- /* TODO: read cache sizes from configuration */
-+ /* Default memcache sizes */
- static const size_t SSS_MC_CACHE_PASSWD_SLOTS = 200000; /* 8mb */
- static const size_t SSS_MC_CACHE_GROUP_SLOTS = 150000; /* 6mb */
- static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000; /* 10mb */
-
- int ret;
- int memcache_timeout;
-+ int mc_size_passwd;
-+ int mc_size_group;
-+ int mc_size_initgroups;
-
- /* Remove the CLEAR_MC_FLAG file if exists. */
- ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
-@@ -243,34 +246,77 @@ static int setup_memcaches(struct nss_ctx *nctx)
- return EOK;
- }
-
-- ret = sss_mmap_cache_init(nctx, "passwd",
-- nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_PASSWD,
-- SSS_MC_CACHE_PASSWD_SLOTS,
-- (time_t)memcache_timeout,
-- &nctx->pwd_mc_ctx);
-- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
-- }
--
-- ret = sss_mmap_cache_init(nctx, "group",
-- nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_GROUP,
-- SSS_MC_CACHE_GROUP_SLOTS,
-- (time_t)memcache_timeout,
-- &nctx->grp_mc_ctx);
-- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
-- }
--
-- ret = sss_mmap_cache_init(nctx, "initgroups",
-- nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_INITGROUPS,
-- SSS_MC_CACHE_INITGROUP_SLOTS,
-- (time_t)memcache_timeout,
-- &nctx->initgr_mc_ctx);
-- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
-+ /* Get all memcache sizes from confdb (pwd, grp, initgr) */
-+
-+ ret = confdb_get_int(nctx->rctx->cdb,
-+ CONFDB_NSS_CONF_ENTRY,
-+ CONFDB_NSS_MEMCACHE_SIZE_PASSWD,
-+ SSS_MC_CACHE_PASSWD_SLOTS,
-+ &mc_size_passwd);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_FATAL_FAILURE,
-+ "Failed to get 'memcache_size_passwd' option from confdb.\n");
-+ return ret;
-+ }
-+
-+ ret = confdb_get_int(nctx->rctx->cdb,
-+ CONFDB_NSS_CONF_ENTRY,
-+ CONFDB_NSS_MEMCACHE_SIZE_GROUP,
-+ SSS_MC_CACHE_GROUP_SLOTS,
-+ &mc_size_group);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_FATAL_FAILURE,
-+ "Failed to get 'memcache_size_group' option from confdb.\n");
-+ return ret;
-+ }
-+
-+ ret = confdb_get_int(nctx->rctx->cdb,
-+ CONFDB_NSS_CONF_ENTRY,
-+ CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS,
-+ SSS_MC_CACHE_INITGROUP_SLOTS,
-+ &mc_size_initgroups);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_FATAL_FAILURE,
-+ "Failed to get 'memcache_size_nitgroups' option from confdb.\n");
-+ return ret;
-+ }
-+
-+ /* Initialize the fast in-memory caches if they were not disabled */
-+
-+ if (mc_size_passwd != 0) {
-+ ret = sss_mmap_cache_init(nctx, "passwd",
-+ nctx->mc_uid, nctx->mc_gid,
-+ SSS_MC_PASSWD,
-+ mc_size_passwd,
-+ (time_t)memcache_timeout,
-+ &nctx->pwd_mc_ctx);
-+ if (ret) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
-+ }
-+ }
-+
-+ if (mc_size_group != 0) {
-+ ret = sss_mmap_cache_init(nctx, "group",
-+ nctx->mc_uid, nctx->mc_gid,
-+ SSS_MC_GROUP,
-+ mc_size_group,
-+ (time_t)memcache_timeout,
-+ &nctx->grp_mc_ctx);
-+ if (ret) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
-+ }
-+ }
-+
-+ if (mc_size_initgroups != 0) {
-+ ret = sss_mmap_cache_init(nctx, "initgroups",
-+ nctx->mc_uid, nctx->mc_gid,
-+ SSS_MC_INITGROUPS,
-+ mc_size_initgroups,
-+ (time_t)memcache_timeout,
-+ &nctx->initgr_mc_ctx);
-+ if (ret) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
-+ }
- }
-
- return EOK;
-diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py
-index 322f76fe0..6ed696e00 100644
---- a/src/tests/intg/test_memory_cache.py
-+++ b/src/tests/intg/test_memory_cache.py
-@@ -135,6 +135,112 @@ def load_data_to_ldap(request, ldap_conn):
- create_ldap_fixture(request, ldap_conn, ent_list)
-
-
-+@pytest.fixture
-+def disable_memcache_rfc2307(request, ldap_conn):
-+ load_data_to_ldap(request, ldap_conn)
-+
-+ conf = unindent("""\
-+ [sssd]
-+ domains = LDAP
-+ services = nss
-+
-+ [nss]
-+ memcache_size_group = 0
-+ memcache_size_passwd = 0
-+ memcache_size_initgroups = 0
-+
-+ [domain/LDAP]
-+ ldap_auth_disable_tls_never_use_in_production = true
-+ ldap_schema = rfc2307
-+ id_provider = ldap
-+ auth_provider = ldap
-+ sudo_provider = ldap
-+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
-+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
-+ """).format(**locals())
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+@pytest.fixture
-+def disable_pwd_mc_rfc2307(request, ldap_conn):
-+ load_data_to_ldap(request, ldap_conn)
-+
-+ conf = unindent("""\
-+ [sssd]
-+ domains = LDAP
-+ services = nss
-+
-+ [nss]
-+ memcache_size_passwd = 0
-+
-+ [domain/LDAP]
-+ ldap_auth_disable_tls_never_use_in_production = true
-+ ldap_schema = rfc2307
-+ id_provider = ldap
-+ auth_provider = ldap
-+ sudo_provider = ldap
-+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
-+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
-+ """).format(**locals())
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+@pytest.fixture
-+def disable_grp_mc_rfc2307(request, ldap_conn):
-+ load_data_to_ldap(request, ldap_conn)
-+
-+ conf = unindent("""\
-+ [sssd]
-+ domains = LDAP
-+ services = nss
-+
-+ [nss]
-+ memcache_size_group = 0
-+
-+ [domain/LDAP]
-+ ldap_auth_disable_tls_never_use_in_production = true
-+ ldap_schema = rfc2307
-+ id_provider = ldap
-+ auth_provider = ldap
-+ sudo_provider = ldap
-+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
-+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
-+ """).format(**locals())
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
-+@pytest.fixture
-+def disable_initgr_mc_rfc2307(request, ldap_conn):
-+ load_data_to_ldap(request, ldap_conn)
-+
-+ conf = unindent("""\
-+ [sssd]
-+ domains = LDAP
-+ services = nss
-+
-+ [nss]
-+ memcache_size_initgroups = 0
-+
-+ [domain/LDAP]
-+ ldap_auth_disable_tls_never_use_in_production = true
-+ ldap_schema = rfc2307
-+ id_provider = ldap
-+ auth_provider = ldap
-+ sudo_provider = ldap
-+ ldap_uri = {ldap_conn.ds_inst.ldap_url}
-+ ldap_search_base = {ldap_conn.ds_inst.base_dn}
-+ """).format(**locals())
-+ create_conf_fixture(request, conf)
-+ create_sssd_fixture(request)
-+ return None
-+
-+
- @pytest.fixture
- def sanity_rfc2307(request, ldap_conn):
- load_data_to_ldap(request, ldap_conn)
-@@ -354,6 +460,19 @@ def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307):
- test_getgrnam_simple(ldap_conn, sanity_rfc2307)
-
-
-+def test_getgrnam_simple_disabled_pwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
-+ test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307)
-+ stop_sssd()
-+ test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307)
-+
-+
-+def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn,
-+ disable_initgr_mc_rfc2307):
-+ test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307)
-+ stop_sssd()
-+ test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307)
-+
-+
- def test_getgrnam_membership(ldap_conn, sanity_rfc2307):
- ent.assert_group_by_name(
- "group1",
-@@ -919,3 +1038,120 @@ def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307):
- grp.getgrnam('group1')
- with pytest.raises(KeyError):
- grp.getgrgid(2001)
-+
-+
-+def test_disabled_mc(ldap_conn, disable_memcache_rfc2307):
-+ ent.assert_passwd_by_name(
-+ 'user1',
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+ ent.assert_passwd_by_uid(
-+ 1001,
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+
-+ ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
-+ ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
-+
-+ assert_user_gids_equal('user1', [2000, 2001])
-+
-+ stop_sssd()
-+
-+ # sssd is stopped and the memory cache is disabled;
-+ # so pytest should not be able to find anything
-+ with pytest.raises(KeyError):
-+ pwd.getpwnam('user1')
-+ with pytest.raises(KeyError):
-+ pwd.getpwuid(1001)
-+
-+ with pytest.raises(KeyError):
-+ grp.getgrnam('group1')
-+ with pytest.raises(KeyError):
-+ grp.getgrgid(2001)
-+
-+ with pytest.raises(KeyError):
-+ (res, errno, gids) = sssd_id.get_user_gids('user1')
-+
-+
-+def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307):
-+ ent.assert_passwd_by_name(
-+ 'user1',
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+ ent.assert_passwd_by_uid(
-+ 1001,
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+
-+ assert_user_gids_equal('user1', [2000, 2001])
-+
-+ stop_sssd()
-+
-+ # passwd cache is disabled
-+ with pytest.raises(KeyError):
-+ pwd.getpwnam('user1')
-+ with pytest.raises(KeyError):
-+ pwd.getpwuid(1001)
-+
-+ # Initgroups looks up the user first, hence KeyError from the
-+ # passwd database even if the initgroups cache is active.
-+ with pytest.raises(KeyError):
-+ (res, errno, gids) = sssd_id.get_user_gids('user1')
-+
-+
-+def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307):
-+ ent.assert_passwd_by_name(
-+ 'user1',
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+ ent.assert_passwd_by_uid(
-+ 1001,
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+
-+ ent.assert_group_by_name("group1", dict(name="group1", gid=2001))
-+ ent.assert_group_by_gid(2001, dict(name="group1", gid=2001))
-+
-+ assert_user_gids_equal('user1', [2000, 2001])
-+
-+ stop_sssd()
-+
-+ # group cache is disabled, other caches should work
-+ ent.assert_passwd_by_name(
-+ 'user1',
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+ ent.assert_passwd_by_uid(
-+ 1001,
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+
-+ with pytest.raises(KeyError):
-+ grp.getgrnam('group1')
-+ with pytest.raises(KeyError):
-+ grp.getgrgid(2001)
-+
-+ assert_user_gids_equal('user1', [2000, 2001])
-+
-+
-+def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307):
-+ # Even if initgroups is disabled, passwd should work
-+ ent.assert_passwd_by_name(
-+ 'user1',
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+ ent.assert_passwd_by_uid(
-+ 1001,
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+
-+ stop_sssd()
-+
-+ ent.assert_passwd_by_name(
-+ 'user1',
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
-+ ent.assert_passwd_by_uid(
-+ 1001,
-+ dict(name='user1', passwd='*', uid=1001, gid=2001,
-+ gecos='1001', shell='/bin/bash'))
---
-2.21.3
-
diff --git a/SOURCES/0030-NSS-avoid-excessive-log-messages.patch b/SOURCES/0030-NSS-avoid-excessive-log-messages.patch
deleted file mode 100644
index 7ea31f3..0000000
--- a/SOURCES/0030-NSS-avoid-excessive-log-messages.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From e12340e7d9efe5f272e58d69333c1c09c3bcc44d Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 4 Mar 2020 21:09:33 +0100
-Subject: [PATCH 30/35] NSS: avoid excessive log messages
-
- - do not log error message if mem-cache was disabled explicitly
- - increase message severity in case of fail to store entry in mem-cache
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nss_protocol_grent.c | 12 +++++++-----
- src/responder/nss/nss_protocol_pwent.c | 7 ++++---
- 2 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
-index 2f6d869ef..8f1d3fe81 100644
---- a/src/responder/nss/nss_protocol_grent.c
-+++ b/src/responder/nss/nss_protocol_grent.c
-@@ -292,16 +292,17 @@ nss_protocol_fill_grent(struct nss_ctx *nss_ctx,
- num_results++;
-
- /* Do not store entry in memory cache during enumeration or when
-- * requested. */
-+ * requested or if cache explicitly disabled. */
- if (!cmd_ctx->enumeration
-- && (cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0) {
-+ && ((cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0)
-+ && (nss_ctx->grp_mc_ctx != NULL)) {
- members = (char *)&body[rp_members];
- members_size = body_len - rp_members;
- ret = sss_mmap_cache_gr_store(&nss_ctx->grp_mc_ctx, name, &pwfield,
- gid, num_members, members,
- members_size);
- if (ret != EOK) {
-- DEBUG(SSSDBG_MINOR_FAILURE,
-+ DEBUG(SSSDBG_OP_FAILURE,
- "Failed to store group %s (%s) in mem-cache [%d]: %s!\n",
- name->str, result->domain->name, ret, sss_strerror(ret));
- }
-@@ -423,7 +424,8 @@ nss_protocol_fill_initgr(struct nss_ctx *nss_ctx,
- }
-
- if (nss_ctx->initgr_mc_ctx
-- && (cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0) {
-+ && ((cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0)
-+ && (nss_ctx->initgr_mc_ctx != NULL)) {
- to_sized_string(&rawname, cmd_ctx->rawname);
- to_sized_string(&unique_name, result->lookup_name);
-
-@@ -431,7 +433,7 @@ nss_protocol_fill_initgr(struct nss_ctx *nss_ctx,
- &unique_name, num_results,
- body + 2 * sizeof(uint32_t));
- if (ret != EOK) {
-- DEBUG(SSSDBG_MINOR_FAILURE,
-+ DEBUG(SSSDBG_OP_FAILURE,
- "Failed to store initgroups %s (%s) in mem-cache [%d]: %s!\n",
- rawname.str, domain->name, ret, sss_strerror(ret));
- sss_packet_set_size(packet, 0);
-diff --git a/src/responder/nss/nss_protocol_pwent.c b/src/responder/nss/nss_protocol_pwent.c
-index 31fd01698..f9f3f0cf0 100644
---- a/src/responder/nss/nss_protocol_pwent.c
-+++ b/src/responder/nss/nss_protocol_pwent.c
-@@ -301,13 +301,14 @@ nss_protocol_fill_pwent(struct nss_ctx *nss_ctx,
- num_results++;
-
- /* Do not store entry in memory cache during enumeration or when
-- * requested. */
-+ * requested or if cache explicitly disabled. */
- if (!cmd_ctx->enumeration
-- && (cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0) {
-+ && ((cmd_ctx->flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) == 0)
-+ && (nss_ctx->pwd_mc_ctx != NULL)) {
- ret = sss_mmap_cache_pw_store(&nss_ctx->pwd_mc_ctx, name, &pwfield,
- uid, gid, &gecos, &homedir, &shell);
- if (ret != EOK) {
-- DEBUG(SSSDBG_MINOR_FAILURE,
-+ DEBUG(SSSDBG_OP_FAILURE,
- "Failed to store user %s (%s) in mmap cache [%d]: %s!\n",
- name->str, result->domain->name, ret, sss_strerror(ret));
- }
---
-2.21.3
-
diff --git a/SOURCES/0031-NSS-enhanced-debug-during-mem-cache-initialization.patch b/SOURCES/0031-NSS-enhanced-debug-during-mem-cache-initialization.patch
deleted file mode 100644
index 270f768..0000000
--- a/SOURCES/0031-NSS-enhanced-debug-during-mem-cache-initialization.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From be8052bbb61c572702fe16e2850539f445dcc0e2 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 4 Mar 2020 22:13:52 +0100
-Subject: [PATCH 31/35] NSS: enhanced debug during mem-cache initialization
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nsssrv.c | 39 ++++++++++++++++++++++++++++++++------
- 1 file changed, 33 insertions(+), 6 deletions(-)
-
-diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
-index 0a201d3ae..42a63d9bb 100644
---- a/src/responder/nss/nsssrv.c
-+++ b/src/responder/nss/nsssrv.c
-@@ -255,7 +255,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
- &mc_size_passwd);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Failed to get 'memcache_size_passwd' option from confdb.\n");
-+ "Failed to get '"CONFDB_NSS_MEMCACHE_SIZE_PASSWD
-+ "' option from confdb.\n");
- return ret;
- }
-
-@@ -266,7 +267,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
- &mc_size_group);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Failed to get 'memcache_size_group' option from confdb.\n");
-+ "Failed to get '"CONFDB_NSS_MEMCACHE_SIZE_GROUP
-+ "' option from confdb.\n");
- return ret;
- }
-
-@@ -277,7 +279,8 @@ static int setup_memcaches(struct nss_ctx *nctx)
- &mc_size_initgroups);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Failed to get 'memcache_size_nitgroups' option from confdb.\n");
-+ "Failed to get '"CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS
-+ "' option from confdb.\n");
- return ret;
- }
-
-@@ -291,8 +294,16 @@ static int setup_memcaches(struct nss_ctx *nctx)
- (time_t)memcache_timeout,
- &nctx->pwd_mc_ctx);
- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to initialize passwd mmap cache: '%s'\n",
-+ sss_strerror(ret));
-+ } else {
-+ DEBUG(SSSDBG_CONF_SETTINGS, "Passwd mmap cache size is %d\n",
-+ mc_size_passwd);
- }
-+ } else {
-+ DEBUG(SSSDBG_IMPORTANT_INFO,
-+ "Passwd mmap cache is explicitly DISABLED\n");
- }
-
- if (mc_size_group != 0) {
-@@ -303,8 +314,16 @@ static int setup_memcaches(struct nss_ctx *nctx)
- (time_t)memcache_timeout,
- &nctx->grp_mc_ctx);
- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to initialize group mmap cache: '%s'\n",
-+ sss_strerror(ret));
-+ } else {
-+ DEBUG(SSSDBG_CONF_SETTINGS, "Group mmap cache size is %d\n",
-+ mc_size_group);
- }
-+ } else {
-+ DEBUG(SSSDBG_IMPORTANT_INFO,
-+ "Group mmap cache is explicitly DISABLED\n");
- }
-
- if (mc_size_initgroups != 0) {
-@@ -315,8 +334,16 @@ static int setup_memcaches(struct nss_ctx *nctx)
- (time_t)memcache_timeout,
- &nctx->initgr_mc_ctx);
- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache is DISABLED\n");
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to initialize initgroups mmap cache: '%s'\n",
-+ sss_strerror(ret));
-+ } else {
-+ DEBUG(SSSDBG_CONF_SETTINGS, "Initgroups mmap cache size is %d\n",
-+ mc_size_initgroups);
- }
-+ } else {
-+ DEBUG(SSSDBG_IMPORTANT_INFO,
-+ "Initgroups mmap cache is explicitly DISABLED\n");
- }
-
- return EOK;
---
-2.21.3
-
diff --git a/SOURCES/0032-mem-cache-added-log-message-in-case-cache-is-full.patch b/SOURCES/0032-mem-cache-added-log-message-in-case-cache-is-full.patch
deleted file mode 100644
index e46c6e1..0000000
--- a/SOURCES/0032-mem-cache-added-log-message-in-case-cache-is-full.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 2ad4aa8f265e02d01f77e5d29d8377d849c78d11 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 4 Mar 2020 22:33:17 +0100
-Subject: [PATCH 32/35] mem-cache: added log message in case cache is full
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nsssrv_mmap_cache.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
-index 5e23bbe6f..23df164da 100644
---- a/src/responder/nss/nsssrv_mmap_cache.c
-+++ b/src/responder/nss/nsssrv_mmap_cache.c
-@@ -371,6 +371,20 @@ static bool sss_mc_is_valid_rec(struct sss_mc_ctx *mcc, struct sss_mc_rec *rec)
- return true;
- }
-
-+static const char *mc_type_to_str(enum sss_mc_type type)
-+{
-+ switch (type) {
-+ case SSS_MC_PASSWD:
-+ return "PASSWD";
-+ case SSS_MC_GROUP:
-+ return "GROUP";
-+ case SSS_MC_INITGROUPS:
-+ return "INITGROUPS";
-+ default:
-+ return "-UNKNOWN-";
-+ }
-+}
-+
- /* FIXME: This is a very simplistic, inefficient, memory allocator,
- * it will just free the oldest entries regardless of expiration if it
- * cycled the whole free bits map and found no empty slot */
-@@ -438,6 +452,14 @@ static errno_t sss_mc_find_free_slots(struct sss_mc_ctx *mcc,
- } else {
- cur = mcc->next_slot;
- }
-+ if (cur == 0) {
-+ /* inform only once per full loop to avoid excessive spam */
-+ DEBUG(SSSDBG_IMPORTANT_INFO, "mmap cache of type '%s' is full\n",
-+ mc_type_to_str(mcc->type));
-+ sss_log(SSS_LOG_NOTICE, "mmap cache of type '%s' is full, if you see "
-+ "this message often then please consider increase of cache size",
-+ mc_type_to_str(mcc->type));
-+ }
- for (i = 0; i < num_slots; i++) {
- MC_PROBE_BIT(mcc->free_table, cur + i, used);
- if (used) {
---
-2.21.3
-
diff --git a/SOURCES/0033-NSS-make-memcache-size-configurable-in-megabytes.patch b/SOURCES/0033-NSS-make-memcache-size-configurable-in-megabytes.patch
deleted file mode 100644
index ba3365f..0000000
--- a/SOURCES/0033-NSS-make-memcache-size-configurable-in-megabytes.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-From b7f31936e21b109b5446c48513619cd87974be54 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 31 Mar 2020 22:57:25 +0200
-Subject: [PATCH 33/35] NSS: make memcache size configurable in megabytes
-
-Memcache size was made configurable in megabytes and not in slots
-to hide internal implementation from users.
-
-Relates: https://github.com/SSSD/sssd/issues/5115
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/config/SSSDConfig/sssdoptions.py | 6 ++---
- src/man/sssd.conf.5.xml | 33 +++++++++++++---------------
- src/responder/nss/nsssrv.c | 20 +++++++++--------
- 3 files changed, 29 insertions(+), 30 deletions(-)
-
-diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py
-index 16d85cfa3..f57ad4b41 100644
---- a/src/config/SSSDConfig/sssdoptions.py
-+++ b/src/config/SSSDConfig/sssdoptions.py
-@@ -72,9 +72,9 @@ class SSSDOptions(object):
- 'shell_fallback': _('If a shell stored in central directory is allowed but not available, use this fallback'),
- 'default_shell': _('Shell to use if the provider does not list one'),
- 'memcache_timeout': _('How long will be in-memory cache records valid'),
-- 'memcache_size_passwd': _('Number of slots in fast in-memory cache for passwd requests'),
-- 'memcache_size_group': _('Number of slots in fast in-memory cache for group requests'),
-- 'memcache_size_initgroups': _('Number of slots in fast in-memory cache for initgroups requests'),
-+ 'memcache_size_passwd': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for passwd requests'),
-+ 'memcache_size_group': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for group requests'),
-+ 'memcache_size_initgroups': _('Size (in megabytes) of the data table allocated inside fast in-memory cache for initgroups requests'),
- 'homedir_substring': _('The value of this option will be used in the expansion of the override_homedir option '
- 'if the template contains the format string %H.'),
- 'get_domains_timeout': _('Specifies time in seconds for which the list of subdomains will be considered '
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index 9bc2e26e5..874a09c49 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1076,7 +1076,7 @@ fallback_homedir = /home/%u
- </listitem>
- </varlistentry>
- <varlistentry>
-- <term>memcache_timeout (int)</term>
-+ <term>memcache_timeout (integer)</term>
- <listitem>
- <para>
- Specifies time in seconds for which records
-@@ -1104,14 +1104,13 @@ fallback_homedir = /home/%u
- <term>memcache_size_passwd (integer)</term>
- <listitem>
- <para>
-- Number of slots allocated inside fast in-memory
-- cache for passwd requests. Note that one entry
-- in fast in-memory cache can occupy more than one slot.
-- Setting the size to 0 will disable the passwd in-memory
-- cache.
-+ Size (in megabytes) of the data table allocated inside
-+ fast in-memory cache for passwd requests.
-+ Setting the size to 0 will disable the passwd
-+ in-memory cache.
- </para>
- <para>
-- Default: 200000
-+ Default: 8
- </para>
- <para>
- WARNING: Disabled or too small in-memory cache can
-@@ -1130,14 +1129,13 @@ fallback_homedir = /home/%u
- <term>memcache_size_group (integer)</term>
- <listitem>
- <para>
-- Number of slots allocated inside fast in-memory
-- cache for group requests. Note that one entry
-- in fast in-memory cache can occupy more than one
-- slot. Setting the size to 0 will disable the group
-+ Size (in megabytes) of the data table allocated inside
-+ fast in-memory cache for group requests.
-+ Setting the size to 0 will disable the group
- in-memory cache.
- </para>
- <para>
-- Default: 150000
-+ Default: 6
- </para>
- <para>
- WARNING: Disabled or too small in-memory cache can
-@@ -1156,14 +1154,13 @@ fallback_homedir = /home/%u
- <term>memcache_size_initgroups (integer)</term>
- <listitem>
- <para>
-- Number of slots allocated inside fast in-memory
-- cache for initgroups requests. Note that one entry
-- in fast in-memory cache can occupy more than one
-- slot. Setting the size to 0 will disable the
-- initgroups in-memory cache.
-+ Size (in megabytes) of the data table allocated inside
-+ fast in-memory cache for initgroups requests.
-+ Setting the size to 0 will disable the initgroups
-+ in-memory cache.
- </para>
- <para>
-- Default: 250000
-+ Default: 10
- </para>
- <para>
- WARNING: Disabled or too small in-memory cache can
-diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
-index 42a63d9bb..741e94aaa 100644
---- a/src/responder/nss/nsssrv.c
-+++ b/src/responder/nss/nsssrv.c
-@@ -34,6 +34,7 @@
-
- #include "util/util.h"
- #include "util/sss_ptr_hash.h"
-+#include "util/mmap_cache.h"
- #include "responder/nss/nss_private.h"
- #include "responder/nss/nss_iface.h"
- #include "responder/nss/nsssrv_mmap_cache.h"
-@@ -210,9 +211,10 @@ done:
- static int setup_memcaches(struct nss_ctx *nctx)
- {
- /* Default memcache sizes */
-- static const size_t SSS_MC_CACHE_PASSWD_SLOTS = 200000; /* 8mb */
-- static const size_t SSS_MC_CACHE_GROUP_SLOTS = 150000; /* 6mb */
-- static const size_t SSS_MC_CACHE_INITGROUP_SLOTS = 250000; /* 10mb */
-+ static const size_t SSS_MC_CACHE_SLOTS_PER_MB = 1024*1024/MC_SLOT_SIZE;
-+ static const size_t SSS_MC_CACHE_PASSWD_SIZE = 8;
-+ static const size_t SSS_MC_CACHE_GROUP_SIZE = 6;
-+ static const size_t SSS_MC_CACHE_INITGROUP_SIZE = 10;
-
- int ret;
- int memcache_timeout;
-@@ -251,7 +253,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = confdb_get_int(nctx->rctx->cdb,
- CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_MEMCACHE_SIZE_PASSWD,
-- SSS_MC_CACHE_PASSWD_SLOTS,
-+ SSS_MC_CACHE_PASSWD_SIZE,
- &mc_size_passwd);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
-@@ -263,7 +265,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = confdb_get_int(nctx->rctx->cdb,
- CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_MEMCACHE_SIZE_GROUP,
-- SSS_MC_CACHE_GROUP_SLOTS,
-+ SSS_MC_CACHE_GROUP_SIZE,
- &mc_size_group);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
-@@ -275,7 +277,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = confdb_get_int(nctx->rctx->cdb,
- CONFDB_NSS_CONF_ENTRY,
- CONFDB_NSS_MEMCACHE_SIZE_INITGROUPS,
-- SSS_MC_CACHE_INITGROUP_SLOTS,
-+ SSS_MC_CACHE_INITGROUP_SIZE,
- &mc_size_initgroups);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
-@@ -290,7 +292,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = sss_mmap_cache_init(nctx, "passwd",
- nctx->mc_uid, nctx->mc_gid,
- SSS_MC_PASSWD,
-- mc_size_passwd,
-+ mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
- (time_t)memcache_timeout,
- &nctx->pwd_mc_ctx);
- if (ret) {
-@@ -310,7 +312,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = sss_mmap_cache_init(nctx, "group",
- nctx->mc_uid, nctx->mc_gid,
- SSS_MC_GROUP,
-- mc_size_group,
-+ mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
- (time_t)memcache_timeout,
- &nctx->grp_mc_ctx);
- if (ret) {
-@@ -330,7 +332,7 @@ static int setup_memcaches(struct nss_ctx *nctx)
- ret = sss_mmap_cache_init(nctx, "initgroups",
- nctx->mc_uid, nctx->mc_gid,
- SSS_MC_INITGROUPS,
-- mc_size_initgroups,
-+ mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
- (time_t)memcache_timeout,
- &nctx->initgr_mc_ctx);
- if (ret) {
---
-2.21.3
-
diff --git a/SOURCES/0034-mem-cache-comment-added.patch b/SOURCES/0034-mem-cache-comment-added.patch
deleted file mode 100644
index 05404fb..0000000
--- a/SOURCES/0034-mem-cache-comment-added.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From b96b05bc40757b26f177e4093d7f4f5b96a0f7d0 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 3 Jul 2020 18:45:11 +0200
-Subject: [PATCH 34/35] mem-cache: comment added
-
-Added comment explaining usage of `mcc->next_slot`
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nsssrv_mmap_cache.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
-index 23df164da..71919e4ac 100644
---- a/src/responder/nss/nsssrv_mmap_cache.c
-+++ b/src/responder/nss/nsssrv_mmap_cache.c
-@@ -65,7 +65,7 @@ struct sss_mc_ctx {
-
- uint8_t *free_table; /* free list bitmaps */
- uint32_t ft_size; /* size of free table */
-- uint32_t next_slot; /* the next slot after last allocation */
-+ uint32_t next_slot; /* the next slot after last allocation done via erasure */
-
- uint8_t *data_table; /* data table address (in mmap) */
- uint32_t dt_size; /* size of data table */
-@@ -442,6 +442,9 @@ static errno_t sss_mc_find_free_slots(struct sss_mc_ctx *mcc,
- if (cur == t) {
- /* ok found num_slots consecutive free bits */
- *free_slot = cur - num_slots;
-+ /* `mcc->next_slot` is not updated here intentionally.
-+ * For details see discussion in https://github.com/SSSD/sssd/pull/999
-+ */
- return EOK;
- }
- }
---
-2.21.3
-
diff --git a/SOURCES/0035-mem-cache-always-cleanup-old-content.patch b/SOURCES/0035-mem-cache-always-cleanup-old-content.patch
deleted file mode 100644
index af2e7ca..0000000
--- a/SOURCES/0035-mem-cache-always-cleanup-old-content.patch
+++ /dev/null
@@ -1,262 +0,0 @@
-From 484507bf20d27afd700d52c67651e6f08d1da1a3 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 8 Jul 2020 11:34:12 +0200
-Subject: [PATCH 35/35] mem-cache: always cleanup old content
-
-(Try to) cleanup old files even if currently mem-cache is disabled.
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/responder/nss/nsssrv.c | 98 ++++++++++-----------------
- src/responder/nss/nsssrv_mmap_cache.c | 74 ++++++++++++--------
- 2 files changed, 79 insertions(+), 93 deletions(-)
-
-diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
-index 741e94aaa..ffb1ca29d 100644
---- a/src/responder/nss/nsssrv.c
-+++ b/src/responder/nss/nsssrv.c
-@@ -242,12 +242,6 @@ static int setup_memcaches(struct nss_ctx *nctx)
- return ret;
- }
-
-- if (memcache_timeout == 0) {
-- DEBUG(SSSDBG_CONF_SETTINGS,
-- "Fast in-memory cache will not be initialized.");
-- return EOK;
-- }
--
- /* Get all memcache sizes from confdb (pwd, grp, initgr) */
-
- ret = confdb_get_int(nctx->rctx->cdb,
-@@ -288,64 +282,40 @@ static int setup_memcaches(struct nss_ctx *nctx)
-
- /* Initialize the fast in-memory caches if they were not disabled */
-
-- if (mc_size_passwd != 0) {
-- ret = sss_mmap_cache_init(nctx, "passwd",
-- nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_PASSWD,
-- mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
-- (time_t)memcache_timeout,
-- &nctx->pwd_mc_ctx);
-- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to initialize passwd mmap cache: '%s'\n",
-- sss_strerror(ret));
-- } else {
-- DEBUG(SSSDBG_CONF_SETTINGS, "Passwd mmap cache size is %d\n",
-- mc_size_passwd);
-- }
-- } else {
-- DEBUG(SSSDBG_IMPORTANT_INFO,
-- "Passwd mmap cache is explicitly DISABLED\n");
-- }
--
-- if (mc_size_group != 0) {
-- ret = sss_mmap_cache_init(nctx, "group",
-- nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_GROUP,
-- mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
-- (time_t)memcache_timeout,
-- &nctx->grp_mc_ctx);
-- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to initialize group mmap cache: '%s'\n",
-- sss_strerror(ret));
-- } else {
-- DEBUG(SSSDBG_CONF_SETTINGS, "Group mmap cache size is %d\n",
-- mc_size_group);
-- }
-- } else {
-- DEBUG(SSSDBG_IMPORTANT_INFO,
-- "Group mmap cache is explicitly DISABLED\n");
-- }
--
-- if (mc_size_initgroups != 0) {
-- ret = sss_mmap_cache_init(nctx, "initgroups",
-- nctx->mc_uid, nctx->mc_gid,
-- SSS_MC_INITGROUPS,
-- mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
-- (time_t)memcache_timeout,
-- &nctx->initgr_mc_ctx);
-- if (ret) {
-- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to initialize initgroups mmap cache: '%s'\n",
-- sss_strerror(ret));
-- } else {
-- DEBUG(SSSDBG_CONF_SETTINGS, "Initgroups mmap cache size is %d\n",
-- mc_size_initgroups);
-- }
-- } else {
-- DEBUG(SSSDBG_IMPORTANT_INFO,
-- "Initgroups mmap cache is explicitly DISABLED\n");
-+ ret = sss_mmap_cache_init(nctx, "passwd",
-+ nctx->mc_uid, nctx->mc_gid,
-+ SSS_MC_PASSWD,
-+ mc_size_passwd * SSS_MC_CACHE_SLOTS_PER_MB,
-+ (time_t)memcache_timeout,
-+ &nctx->pwd_mc_ctx);
-+ if (ret) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to initialize passwd mmap cache: '%s'\n",
-+ sss_strerror(ret));
-+ }
-+
-+ ret = sss_mmap_cache_init(nctx, "group",
-+ nctx->mc_uid, nctx->mc_gid,
-+ SSS_MC_GROUP,
-+ mc_size_group * SSS_MC_CACHE_SLOTS_PER_MB,
-+ (time_t)memcache_timeout,
-+ &nctx->grp_mc_ctx);
-+ if (ret) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to initialize group mmap cache: '%s'\n",
-+ sss_strerror(ret));
-+ }
-+
-+ ret = sss_mmap_cache_init(nctx, "initgroups",
-+ nctx->mc_uid, nctx->mc_gid,
-+ SSS_MC_INITGROUPS,
-+ mc_size_initgroups * SSS_MC_CACHE_SLOTS_PER_MB,
-+ (time_t)memcache_timeout,
-+ &nctx->initgr_mc_ctx);
-+ if (ret) {
-+ DEBUG(SSSDBG_CRIT_FAILURE,
-+ "Failed to initialize initgroups mmap cache: '%s'\n",
-+ sss_strerror(ret));
- }
-
- return EOK;
-diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
-index 71919e4ac..f66e76ce4 100644
---- a/src/responder/nss/nsssrv_mmap_cache.c
-+++ b/src/responder/nss/nsssrv_mmap_cache.c
-@@ -1108,48 +1108,48 @@ static errno_t sss_mc_set_recycled(int fd)
- return EOK;
- }
-
--/*
-- * When we (re)create a new file we must mark the current file as recycled
-- * so active clients will abandon its use ASAP.
-- * We unlink the current file and make a new one.
-- */
--static errno_t sss_mc_create_file(struct sss_mc_ctx *mc_ctx)
-+static void sss_mc_destroy_file(const char *filename)
- {
-- mode_t old_mask;
-+ const useconds_t t = 50000;
-+ const int retries = 3;
- int ofd;
-- int ret, uret;
-- useconds_t t = 50000;
-- int retries = 3;
-+ int ret;
-
-- ofd = open(mc_ctx->file, O_RDWR);
-+ ofd = open(filename, O_RDWR);
- if (ofd != -1) {
- ret = sss_br_lock_file(ofd, 0, 1, retries, t);
- if (ret != EOK) {
-- DEBUG(SSSDBG_FATAL_FAILURE,
-- "Failed to lock file %s.\n", mc_ctx->file);
-+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to lock file %s.\n", filename);
- }
- ret = sss_mc_set_recycled(ofd);
- if (ret) {
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to mark mmap file %s as"
-- " recycled: %d(%s)\n",
-- mc_ctx->file, ret, strerror(ret));
-+ " recycled: %d (%s)\n",
-+ filename, ret, strerror(ret));
- }
--
- close(ofd);
- } else if (errno != ENOENT) {
- ret = errno;
- DEBUG(SSSDBG_CRIT_FAILURE,
-- "Failed to open old memory cache file %s: %d(%s).\n",
-- mc_ctx->file, ret, strerror(ret));
-+ "Failed to open old memory cache file %s: %d (%s)\n",
-+ filename, ret, strerror(ret));
- }
-
- errno = 0;
-- ret = unlink(mc_ctx->file);
-+ ret = unlink(filename);
- if (ret == -1 && errno != ENOENT) {
- ret = errno;
-- DEBUG(SSSDBG_TRACE_FUNC, "Failed to rm mmap file %s: %d(%s)\n",
-- mc_ctx->file, ret, strerror(ret));
-+ DEBUG(SSSDBG_TRACE_FUNC, "Failed to delete mmap file %s: %d (%s)\n",
-+ filename, ret, strerror(ret));
- }
-+}
-+
-+static errno_t sss_mc_create_file(struct sss_mc_ctx *mc_ctx)
-+{
-+ const useconds_t t = 50000;
-+ const int retries = 3;
-+ mode_t old_mask;
-+ int ret, uret;
-
- /* temporarily relax umask as we need the file to be readable
- * by everyone for now */
-@@ -1276,9 +1276,32 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
-
- struct sss_mc_ctx *mc_ctx = NULL;
- int ret, dret;
-+ char *filename;
-+
-+ filename = talloc_asprintf(mem_ctx, "%s/%s", SSS_NSS_MCACHE_DIR, name);
-+ if (!filename) {
-+ return ENOMEM;
-+ }
-+ /*
-+ * First of all mark the current file as recycled
-+ * and unlink so active clients will abandon its use ASAP
-+ */
-+ sss_mc_destroy_file(filename);
-+
-+ if ((timeout == 0) || (n_elem == 0)) {
-+ DEBUG(SSSDBG_IMPORTANT_INFO,
-+ "Fast '%s' mmap cache is explicitly DISABLED\n",
-+ mc_type_to_str(type));
-+ *mcc = NULL;
-+ return EOK;
-+ }
-+ DEBUG(SSSDBG_CONF_SETTINGS,
-+ "Fast '%s' mmap cache: timeout = %d, slots = %zu\n",
-+ mc_type_to_str(type), (int)timeout, n_elem);
-
- mc_ctx = talloc_zero(mem_ctx, struct sss_mc_ctx);
- if (!mc_ctx) {
-+ talloc_free(filename);
- return ENOMEM;
- }
- mc_ctx->fd = -1;
-@@ -1297,12 +1320,7 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
-
- mc_ctx->valid_time_slot = timeout;
-
-- mc_ctx->file = talloc_asprintf(mc_ctx, "%s/%s",
-- SSS_NSS_MCACHE_DIR, name);
-- if (!mc_ctx->file) {
-- ret = ENOMEM;
-- goto done;
-- }
-+ mc_ctx->file = talloc_steal(mc_ctx, filename);
-
- /* elements must always be multiple of 8 to make things easier to handle,
- * so we increase by the necessary amount if they are not a multiple */
-@@ -1320,8 +1338,6 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name,
- MC_ALIGN64(mc_ctx->ht_size);
-
-
-- /* for now ALWAYS create a new file on restart */
--
- ret = sss_mc_create_file(mc_ctx);
- if (ret) {
- goto done;
---
-2.21.3
-
diff --git a/SOURCES/0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch b/SOURCES/0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch
deleted file mode 100644
index 0623a83..0000000
--- a/SOURCES/0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch
+++ /dev/null
@@ -1,16083 +0,0 @@
-From 4fd05180b4c47a4ba6b23b2b82aa7b9589989f61 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 18 Jun 2020 11:52:01 +0200
-Subject: [PATCH] TRANSLATIONS: updated translations to include new source file
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some translations were previously missed when some code moved
-to a new source file `src/config/SSSDConfig/sssdoptions.py`
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- po/fr.po | 4831 +++++++++++++++++++++++++++++----------------------
- po/ja.po | 4392 ++++++++++++++++++++++++++--------------------
- po/sssd.pot | 1862 +++++++++++++++++++-
- po/zh_CN.po | 2538 +++++++++++++++++++++++----
- 4 files changed, 9195 insertions(+), 4428 deletions(-)
-
-diff --git a/po/fr.po b/po/fr.po
-index 2dad196a1..198c757e8 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -15,2726 +15,3351 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2020-05-19 12:05+0200\n"
--"PO-Revision-Date: 2020-05-19 10:07+0000\n"
--"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
--"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
--"fr/)\n"
--"Language: fr\n"
-+"POT-Creation-Date: 2020-06-17 22:51+0200\n"
- "MIME-Version: 1.0\n"
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
-+"PO-Revision-Date: 2020-05-19 10:07+0000\n"
-+"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
-+"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/fr/"
-+")\n"
-+"Language: fr\n"
- "Plural-Forms: nplurals=2; plural=(n > 1);\n"
- "X-Generator: Zanata 4.6.2\n"
-
--#: src/monitor/monitor.c:2371
--msgid "Become a daemon (default)"
--msgstr "Devenir un démon (par défaut)"
-+#: src/config/SSSDConfig/sssdoptions.py:20
-+#: src/config/SSSDConfig/sssdoptions.py:21
-+msgid "Set the verbosity of the debug logging"
-+msgstr "Définir le niveau de détails de la sortie de débogage"
-
--#: src/monitor/monitor.c:2373
--msgid "Run interactive (not a daemon)"
--msgstr "Fonctionner en interactif (non démon)"
-+#: src/config/SSSDConfig/sssdoptions.py:22
-+msgid "Include timestamps in debug logs"
-+msgstr "Ajouter l'horodatage dans les fichiers de débogage"
-
--#: src/monitor/monitor.c:2376
--msgid "Disable netlink interface"
--msgstr "Désactiver l'interface netlink"
-+#: src/config/SSSDConfig/sssdoptions.py:23
-+msgid "Include microseconds in timestamps in debug logs"
-+msgstr ""
-+"Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
-
--#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
--msgid "Specify a non-default config file"
--msgstr "Définir un fichier de configuration différent de celui par défaut"
-+#: src/config/SSSDConfig/sssdoptions.py:24
-+msgid "Write debug messages to logfiles"
-+msgstr "Écrire les messages de débogage dans les journaux"
-
--#: src/monitor/monitor.c:2380
--msgid "Refresh the configuration database, then exit"
--msgstr "Rafraîchissez la base de données de configuration, puis quittez"
-+#: src/config/SSSDConfig/sssdoptions.py:25
-+msgid "Watchdog timeout before restarting service"
-+msgstr "Délai de surveillance avant le redémarrage du service"
-
--#: src/monitor/monitor.c:2383
--msgid "Similar to --genconf, but only refreshes the given section"
--msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée"
-+#: src/config/SSSDConfig/sssdoptions.py:26
-+msgid "Command to start service"
-+msgstr "Commande pour démarrer le service"
-
--#: src/monitor/monitor.c:2386
--msgid "Print version number and exit"
--msgstr "Afficher le numéro de version et quitte"
-+#: src/config/SSSDConfig/sssdoptions.py:27
-+msgid "Number of times to attempt connection to Data Providers"
-+msgstr "Nombre d'essais pour tenter de se connecter au fournisseur de données"
-
--#: src/monitor/monitor.c:2532
--msgid "SSSD is already running\n"
--msgstr "SSSD est déjà en cours d'exécution\n"
-+#: src/config/SSSDConfig/sssdoptions.py:28
-+msgid "The number of file descriptors that may be opened by this responder"
-+msgstr ""
-+"Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
-+"répondeur"
-
--#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
--msgid "Debug level"
--msgstr "Niveau de débogage"
-+#: src/config/SSSDConfig/sssdoptions.py:29
-+msgid "Idle time before automatic disconnection of a client"
-+msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
-
--#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
--msgid "Add debug timestamps"
--msgstr "Ajouter l'horodatage au débogage"
-+#: src/config/SSSDConfig/sssdoptions.py:30
-+msgid "Idle time before automatic shutdown of the responder"
-+msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur"
-
--#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
--msgid "Show timestamps with microseconds"
--msgstr "Afficher l'horodatage en microsecondes"
-+#: src/config/SSSDConfig/sssdoptions.py:31
-+msgid "Always query all the caches before querying the Data Providers"
-+msgstr ""
-+"Interrogez toujours tous les caches avant d'interroger les fournisseurs de "
-+"données"
-
--#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
--msgid "An open file descriptor for the debug logs"
--msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
-+#: src/config/SSSDConfig/sssdoptions.py:32
-+msgid ""
-+"When SSSD switches to offline mode the amount of time before it tries to go "
-+"back online will increase based upon the time spent disconnected. This value "
-+"is in seconds and calculated by the following: offline_timeout + "
-+"random_offset."
-+msgstr ""
-
--#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
--msgid "Send the debug output to stderr directly."
--msgstr "Envoyer la sortie de débogage directement vers l'erreur standard."
-+#: src/config/SSSDConfig/sssdoptions.py:38
-+msgid ""
-+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-+"version 2."
-+msgstr ""
-
--#: src/providers/krb5/krb5_child.c:3245
--msgid "The user to create FAST ccache as"
--msgstr "L'utilisateur à utiliser pour la création du ccache FAST"
-+#: src/config/SSSDConfig/sssdoptions.py:39
-+msgid "SSSD Services to start"
-+msgstr "Services SSSD à démarrer"
-
--#: src/providers/krb5/krb5_child.c:3247
--msgid "The group to create FAST ccache as"
--msgstr "Le groupe à utiliser pour la création du ccache FAST"
-+#: src/config/SSSDConfig/sssdoptions.py:40
-+msgid "SSSD Domains to start"
-+msgstr "Domaines SSSD à démarrer"
-
--#: src/providers/krb5/krb5_child.c:3249
--msgid "Kerberos realm to use"
--msgstr "Domaine Kerberos à utiliser"
-+#: src/config/SSSDConfig/sssdoptions.py:41
-+msgid "Timeout for messages sent over the SBUS"
-+msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
-
--#: src/providers/krb5/krb5_child.c:3251
--msgid "Requested lifetime of the ticket"
--msgstr "Demande de renouvellement à vie du billet"
-+#: src/config/SSSDConfig/sssdoptions.py:42
-+msgid "Regex to parse username and domain"
-+msgstr "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
-
--#: src/providers/krb5/krb5_child.c:3253
--msgid "Requested renewable lifetime of the ticket"
--msgstr "Demande de renouvellement à vie du billet"
-+#: src/config/SSSDConfig/sssdoptions.py:43
-+msgid "Printf-compatible format for displaying fully-qualified names"
-+msgstr "Format compatible printf d'affichage des noms complétement qualifiés"
-
--#: src/providers/krb5/krb5_child.c:3255
--msgid "FAST options ('never', 'try', 'demand')"
--msgstr "Options FAST ('never', 'try', 'demand')"
-+#: src/config/SSSDConfig/sssdoptions.py:44
-+msgid ""
-+"Directory on the filesystem where SSSD should store Kerberos replay cache "
-+"files."
-+msgstr ""
-+"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
-+"relecture de Kerberos."
-
--#: src/providers/krb5/krb5_child.c:3258
--msgid "Specifies the server principal to use for FAST"
--msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
-+#: src/config/SSSDConfig/sssdoptions.py:45
-+msgid "Domain to add to names without a domain component."
-+msgstr "Domaine à ajouter aux noms sans composant de nom de domaine."
-
--#: src/providers/krb5/krb5_child.c:3260
--msgid "Requests canonicalization of the principal name"
--msgstr "Demande la canonisation du nom principal"
-+#: src/config/SSSDConfig/sssdoptions.py:46
-+msgid "The user to drop privileges to"
-+msgstr "L'utilisation vers lequel abandonner les privilèges"
-
--#: src/providers/krb5/krb5_child.c:3262
--msgid "Use custom version of krb5_get_init_creds_password"
--msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
-+#: src/config/SSSDConfig/sssdoptions.py:47
-+msgid "Tune certificate verification"
-+msgstr "Régler la vérification du certificat"
-
--#: src/providers/data_provider_be.c:674
--msgid "Domain of the information provider (mandatory)"
--msgstr "Domaine du fournisseur d'informations (obligatoire)"
-+#: src/config/SSSDConfig/sssdoptions.py:48
-+msgid "All spaces in group or user names will be replaced with this character"
-+msgstr ""
-+"Tous les espaces dans les noms de groupes ou d'utilisateurs seront remplacés "
-+"par ce caractère"
-
--#: src/sss_client/common.c:1079
--msgid "Privileged socket has wrong ownership or permissions."
-+#: src/config/SSSDConfig/sssdoptions.py:49
-+msgid "Tune sssd to honor or ignore netlink state changes"
-+msgstr "Régler sssd pour honorer ou ignorer les changements d'état du netlink"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:50
-+msgid "Enable or disable the implicit files domain"
-+msgstr "Activer ou désactiver le domaine des fichiers implicites"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:51
-+msgid "A specific order of the domains to be looked up"
-+msgstr "Un ordre spécifique des domaines à rechercher"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:52
-+msgid ""
-+"Controls if SSSD should monitor the state of resolv.conf to identify when it "
-+"needs to update its internal DNS resolver."
- msgstr ""
--"Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire."
-
--#: src/sss_client/common.c:1082
--msgid "Public socket has wrong ownership or permissions."
-+#: src/config/SSSDConfig/sssdoptions.py:54
-+msgid ""
-+"SSSD monitors the state of resolv.conf to identify when it needs to update "
-+"its internal DNS resolver. By default, we will attempt to use inotify for "
-+"this, and will fall back to polling resolv.conf every five seconds if "
-+"inotify cannot be used."
- msgstr ""
--"Le socket public a de mauvaises permissions ou un mauvais propriétaire."
-
--#: src/sss_client/common.c:1085
--msgid "Unexpected format of the server credential message."
--msgstr "Le message du serveur de crédits a un format inattendu."
-+#: src/config/SSSDConfig/sssdoptions.py:59
-+msgid "Enumeration cache timeout length (seconds)"
-+msgstr "Délai d'attente du cache d'énumération (en secondes)"
-
--#: src/sss_client/common.c:1088
--msgid "SSSD is not run by root."
--msgstr "SSSD n'est pas démarré par root."
-+#: src/config/SSSDConfig/sssdoptions.py:60
-+msgid "Entry cache background update timeout length (seconds)"
-+msgstr ""
-+"Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
-+"secondes)"
-
--#: src/sss_client/common.c:1091
--msgid "SSSD socket does not exist."
--msgstr "La socket SSSD n'existe pas."
-+#: src/config/SSSDConfig/sssdoptions.py:61
-+#: src/config/SSSDConfig/sssdoptions.py:112
-+msgid "Negative cache timeout length (seconds)"
-+msgstr "Délai d'attente du cache négatif (en secondes)"
-
--#: src/sss_client/common.c:1094
--msgid "Cannot get stat of SSSD socket."
--msgstr "Impossible d'obtenir le stat du socket SSSD."
-+#: src/config/SSSDConfig/sssdoptions.py:62
-+msgid "Files negative cache timeout length (seconds)"
-+msgstr "Délai d'attente du cache négatif (en secondes)"
-
--#: src/sss_client/common.c:1099
--msgid "An error occurred, but no description can be found."
--msgstr "Une erreur est survenue mais aucune description n'est trouvée."
-+#: src/config/SSSDConfig/sssdoptions.py:63
-+msgid "Users that SSSD should explicitly ignore"
-+msgstr "Utilisateurs que SSSD doit explicitement ignorer"
-
--#: src/sss_client/common.c:1105
--msgid "Unexpected error while looking for an error description"
--msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
-+#: src/config/SSSDConfig/sssdoptions.py:64
-+msgid "Groups that SSSD should explicitly ignore"
-+msgstr "Groupes que SSSD doit explicitement ignorer"
-
--#: src/sss_client/pam_sss.c:68
--msgid "Permission denied. "
--msgstr "Accès refusé."
-+#: src/config/SSSDConfig/sssdoptions.py:65
-+msgid "Should filtered users appear in groups"
-+msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
-
--#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
--#: src/sss_client/pam_sss.c:790
--msgid "Server message: "
--msgstr "Message du serveur : "
-+#: src/config/SSSDConfig/sssdoptions.py:66
-+msgid "The value of the password field the NSS provider should return"
-+msgstr "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
-
--#: src/sss_client/pam_sss.c:297
--msgid "Passwords do not match"
--msgstr "Les mots de passe ne correspondent pas"
-+#: src/config/SSSDConfig/sssdoptions.py:67
-+msgid "Override homedir value from the identity provider with this value"
-+msgstr ""
-+"Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
-+"fournisseur d'identité"
-
--#: src/sss_client/pam_sss.c:485
--msgid "Password reset by root is not supported."
-+#: src/config/SSSDConfig/sssdoptions.py:68
-+msgid ""
-+"Substitute empty homedir value from the identity provider with this value"
- msgstr ""
--"La réinitialisation du mot de passe par root n'est pas prise en charge."
-+"Substitution de la valeur homedir vide du fournisseur d'identité avec cette "
-+"valeur"
-
--#: src/sss_client/pam_sss.c:526
--msgid "Authenticated with cached credentials"
--msgstr "Authentifié avec les crédits mis en cache"
-+#: src/config/SSSDConfig/sssdoptions.py:69
-+msgid "Override shell value from the identity provider with this value"
-+msgstr ""
-+"Écraser le shell donné par le fournisseur d'identité avec cette valeur"
-
--#: src/sss_client/pam_sss.c:527
--msgid ", your cached password will expire at: "
--msgstr ", votre mot de passe en cache expirera à :"
-+#: src/config/SSSDConfig/sssdoptions.py:70
-+msgid "The list of shells users are allowed to log in with"
-+msgstr ""
-+"Liste des interpréteurs de commandes utilisateurs autorisés pour se "
-+"connecter"
-
--#: src/sss_client/pam_sss.c:557
--#, c-format
--msgid "Your password has expired. You have %1$d grace login(s) remaining."
-+#: src/config/SSSDConfig/sssdoptions.py:71
-+msgid ""
-+"The list of shells that will be vetoed, and replaced with the fallback shell"
- msgstr ""
--"Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)."
-+"Liste des interpréteurs de commandes bannis et remplacés par celui par "
-+"défaut"
-
--#: src/sss_client/pam_sss.c:603
--#, c-format
--msgid "Your password will expire in %1$d %2$s."
--msgstr "Votre mot de passe expirera dans %1$d %2$s."
-+#: src/config/SSSDConfig/sssdoptions.py:72
-+msgid ""
-+"If a shell stored in central directory is allowed but not available, use "
-+"this fallback"
-+msgstr ""
-+"Si un interpréteur de commandes stocké dans l'annuaire central est autorisé "
-+"mais indisponible, utiliser à défaut celui-ci"
-
--#: src/sss_client/pam_sss.c:652
--msgid "Authentication is denied until: "
--msgstr "L'authentification est refusée jusque :"
-+#: src/config/SSSDConfig/sssdoptions.py:73
-+msgid "Shell to use if the provider does not list one"
-+msgstr "Shell à utiliser si le fournisseur n'en propose aucun"
-
--#: src/sss_client/pam_sss.c:673
--msgid "System is offline, password change not possible"
-+#: src/config/SSSDConfig/sssdoptions.py:74
-+msgid "How long will be in-memory cache records valid"
-+msgstr "Durée de maintien en cache des enregistrements valides"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:75
-+msgid ""
-+"The value of this option will be used in the expansion of the "
-+"override_homedir option if the template contains the format string %H."
- msgstr ""
--"Le système est hors-ligne, les modifications du mot de passe sont impossibles"
-
--#: src/sss_client/pam_sss.c:688
-+#: src/config/SSSDConfig/sssdoptions.py:77
- msgid ""
--"After changing the OTP password, you need to log out and back in order to "
--"acquire a ticket"
-+"Specifies time in seconds for which the list of subdomains will be "
-+"considered valid."
- msgstr ""
--"Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous "
--"reconnecter afin d'acquérir un ticket"
-
--#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
--msgid "Password change failed. "
--msgstr "Échec du changement de mot de passe."
-+#: src/config/SSSDConfig/sssdoptions.py:79
-+msgid ""
-+"The entry cache can be set to automatically update entries in the background "
-+"if they are requested beyond a percentage of the entry_cache_timeout value "
-+"for the domain."
-+msgstr ""
-
--#: src/sss_client/pam_sss.c:2008
--msgid "New Password: "
--msgstr "Nouveau mot de passe : "
-+#: src/config/SSSDConfig/sssdoptions.py:84
-+msgid "How long to allow cached logins between online logins (days)"
-+msgstr ""
-+"Délai pendant lequel les connexions utilisant le cache sont autorisées entre "
-+"deux connexions en ligne (en jours)"
-
--#: src/sss_client/pam_sss.c:2009
--msgid "Reenter new Password: "
--msgstr "Retaper le nouveau mot de passe : "
-+#: src/config/SSSDConfig/sssdoptions.py:85
-+msgid "How many failed logins attempts are allowed when offline"
-+msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
-
--#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
--msgid "First Factor: "
--msgstr "Premier facteur :"
-+#: src/config/SSSDConfig/sssdoptions.py:87
-+msgid ""
-+"How long (minutes) to deny login after offline_failed_login_attempts has "
-+"been reached"
-+msgstr ""
-+"Durée d'interdiction de connexion après que offline_failed_login_attempts "
-+"est atteint (en minutes)"
-
--#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
--msgid "Second Factor (optional): "
--msgstr "Deuxième facteur (facultatif) : "
-+#: src/config/SSSDConfig/sssdoptions.py:88
-+msgid "What kind of messages are displayed to the user during authentication"
-+msgstr ""
-+"Quels types de messages sont affichés à l'utilisateur pendant "
-+"l'authentification"
-
--#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
--msgid "Second Factor: "
--msgstr "Second facteur :"
-+#: src/config/SSSDConfig/sssdoptions.py:89
-+msgid "Filter PAM responses sent to the pam_sss"
-+msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss"
-
--#: src/sss_client/pam_sss.c:2190
--msgid "Password: "
--msgstr "Mot de passe : "
-+#: src/config/SSSDConfig/sssdoptions.py:90
-+msgid "How many seconds to keep identity information cached for PAM requests"
-+msgstr ""
-+"Durée en secondes pendant laquelle les informations d'identité sont gardées "
-+"en cache pour les requêtes PAM"
-
--#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
--msgid "First Factor (Current Password): "
--msgstr "Premier facteur (mot de passe actuel) : "
-+#: src/config/SSSDConfig/sssdoptions.py:91
-+msgid "How many days before password expiration a warning should be displayed"
-+msgstr ""
-+"Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
-+"avertissement doit être affiché"
-
--#: src/sss_client/pam_sss.c:2349
--msgid "Current Password: "
--msgstr "Mot de passe actuel : "
-+#: src/config/SSSDConfig/sssdoptions.py:92
-+msgid "List of trusted uids or user's name"
-+msgstr "Liste des uid ou noms d'utilisateurs dignes de confiance"
-
--#: src/sss_client/pam_sss.c:2704
--msgid "Password expired. Change your password now."
--msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
-+#: src/config/SSSDConfig/sssdoptions.py:93
-+msgid "List of domains accessible even for untrusted users."
-+msgstr ""
-+"Liste des domaines accessibles y compris par les utilisateurs non dignes de "
-+"confiance"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
--#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
--#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
--#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
--#: src/tools/sss_cache.c:719
--msgid "The debug level to run with"
--msgstr "Le niveau de débogage utilisé avec"
-+#: src/config/SSSDConfig/sssdoptions.py:94
-+msgid "Message printed when user account is expired."
-+msgstr "Message affiché lorsque le compte a expiré"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
--msgid "The SSSD domain to use"
--msgstr "Le domaine SSSD à utiliser"
-+#: src/config/SSSDConfig/sssdoptions.py:95
-+msgid "Message printed when user account is locked."
-+msgstr "Message affiché lorsque le compte a expiré"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
--#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
--#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
--#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
--#: src/tools/sss_cache.c:765
--msgid "Error setting the locale\n"
--msgstr "Erreur lors du paramétrage de la locale\n"
-+#: src/config/SSSDConfig/sssdoptions.py:96
-+msgid "Allow certificate based/Smartcard authentication."
-+msgstr "Autoriser l'authentification par certificat/carte à puce."
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
--msgid "Not enough memory\n"
--msgstr "Mémoire insuffisante\n"
-+#: src/config/SSSDConfig/sssdoptions.py:97
-+msgid "Path to certificate database with PKCS#11 modules."
-+msgstr ""
-+"Chemin d'accès à la base de données des certificats des modules PKCS#11."
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
--msgid "User not specified\n"
--msgstr "Utilisateur non spécifié\n"
-+#: src/config/SSSDConfig/sssdoptions.py:98
-+msgid "How many seconds will pam_sss wait for p11_child to finish"
-+msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
--msgid "Error looking up public keys\n"
--msgstr "Erreur lors de la recherche des clés publiques\n"
-+#: src/config/SSSDConfig/sssdoptions.py:99
-+msgid "Which PAM services are permitted to contact application domains"
-+msgstr ""
-+"Quels services PAM sont autorisés à contacter les domaines d'application"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
--msgid "The port to use to connect to the host"
--msgstr "Le port à utiliser pour se connecter à l'hôte"
-+#: src/config/SSSDConfig/sssdoptions.py:100
-+msgid "Allowed services for using smartcards"
-+msgstr "Services autorisés pour l'utilisation de cartes à puce"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
--msgid "Print the host ssh public keys"
--msgstr "Imprimer les clés publiques ssh de l'hôte"
-+#: src/config/SSSDConfig/sssdoptions.py:101
-+msgid "Additional timeout to wait for a card if requested"
-+msgstr ""
-+"Délai d'attente supplémentaire pour l'obtention d'une carte si demandé"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
--msgid "Invalid port\n"
--msgstr "Port invalide\n"
-+#: src/config/SSSDConfig/sssdoptions.py:102
-+msgid ""
-+"PKCS#11 URI to restrict the selection of devices for Smartcard "
-+"authentication"
-+msgstr ""
-+"URI PKCS#11 pour limiter la sélection des périphériques pour "
-+"l'authentification par carte à puce"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
--msgid "Host not specified\n"
--msgstr "Hôte non spécifié\n"
-+#: src/config/SSSDConfig/sssdoptions.py:103
-+msgid "When shall the PAM responder force an initgroups request"
-+msgstr ""
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
--msgid "The path to the proxy command must be absolute\n"
--msgstr "Le chemin vers la commande de proxy doit être absolue\n"
-+#: src/config/SSSDConfig/sssdoptions.py:106
-+msgid "Whether to evaluate the time-based attributes in sudo rules"
-+msgstr ""
-+"Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
--#, c-format
--msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
--msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:107
-+msgid "If true, SSSD will switch back to lower-wins ordering logic"
-+msgstr "Si sur true, SSSD repasse en logique de commande à faible gain"
-
--#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
--msgid "The UID of the user"
--msgstr "L'UID de l'utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:108
-+msgid ""
-+"Maximum number of rules that can be refreshed at once. If this is exceeded, "
-+"full refresh is performed."
-+msgstr ""
-+"Nombre maximum de règles pouvant être rafraîchies en même temps. En cas de "
-+"dépassement, un rafraîchissement complet est effectué."
-
--#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
--msgid "The comment string"
--msgstr "Phrase de commentaire"
-+#: src/config/SSSDConfig/sssdoptions.py:115
-+msgid "Whether to hash host names and addresses in the known_hosts file"
-+msgstr ""
-+"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
-
--#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
--msgid "Home directory"
--msgstr "Répertoire utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:116
-+msgid ""
-+"How many seconds to keep a host in the known_hosts file after its host keys "
-+"were requested"
-+msgstr ""
-+"Le nombre de secondes pour garder un hôte dans le fichier known_hosts après "
-+"que ses clés d'hôte ont été demandées"
-
--#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
--msgid "Login shell"
--msgstr "Interpréteur de commandes de connexion"
-+#: src/config/SSSDConfig/sssdoptions.py:118
-+msgid "Path to storage of trusted CA certificates"
-+msgstr "Chemin d'accès au stockage des certificats d'AC de confiance"
-
--#: src/tools/sss_useradd.c:53
--msgid "Groups"
--msgstr "Groupes"
-+#: src/config/SSSDConfig/sssdoptions.py:119
-+msgid "Allow to generate ssh-keys from certificates"
-+msgstr "Permet de générer des ssh-keys à partir de certificats"
-
--#: src/tools/sss_useradd.c:54
--msgid "Create user's directory if it does not exist"
--msgstr "Créer le repertoire utilisateur s'il n'existe pas"
-+#: src/config/SSSDConfig/sssdoptions.py:120
-+msgid ""
-+"Use the following matching rules to filter the certificates for ssh-key "
-+"generation"
-+msgstr ""
-+"Utilisez les règles de correspondance suivantes pour filtrer les certificats "
-+"pour la génération de clés ssh"
-
--#: src/tools/sss_useradd.c:55
--msgid "Never create user's directory, overrides config"
--msgstr "Ne jamais créer de répertoire utilisateur, outrepasse la configuration"
-+#: src/config/SSSDConfig/sssdoptions.py:124
-+msgid "List of UIDs or user names allowed to access the PAC responder"
-+msgstr ""
-+"Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
-
--#: src/tools/sss_useradd.c:56
--msgid "Specify an alternative skeleton directory"
--msgstr "Spécifie un répertoire squelette alternatif"
-+#: src/config/SSSDConfig/sssdoptions.py:125
-+msgid "How long the PAC data is considered valid"
-+msgstr "Durée de validité des données du PAC"
-
--#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
--msgid "The SELinux user for user's login"
--msgstr "L'utilisateur SELinux pour l'identifiant de l'utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:128
-+msgid "List of user attributes the InfoPipe is allowed to publish"
-+msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
-
--#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
--#: src/tools/sss_usermod.c:92
--msgid "Specify group to add to\n"
--msgstr "Définir le groupe à ajouter à\n"
-+#: src/config/SSSDConfig/sssdoptions.py:131
-+msgid "The provider where the secrets will be stored in"
-+msgstr "Le fournisseur où les secrets seront stockés"
-
--#: src/tools/sss_useradd.c:111
--msgid "Specify user to add\n"
--msgstr "Définir l'utilisateur à ajouter à\n"
-+#: src/config/SSSDConfig/sssdoptions.py:132
-+msgid "The maximum allowed number of nested containers"
-+msgstr "Le nombre maximal de conteneurs imbriqués autorisés"
-
--#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
--#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
--#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
--#: src/tools/sss_usermod.c:162
--msgid "Error initializing the tools - no local domain\n"
--msgstr "Erreur à l'initialisation des outils - aucun domaine local\n"
-+#: src/config/SSSDConfig/sssdoptions.py:133
-+msgid "The maximum number of secrets that can be stored"
-+msgstr "Le nombre maximum de secrets qui peuvent être stockés"
-
--#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
--#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
--#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
--#: src/tools/sss_usermod.c:164
--msgid "Error initializing the tools\n"
--msgstr "Erreur à l'initialisation des outils\n"
-+#: src/config/SSSDConfig/sssdoptions.py:134
-+msgid "The maximum number of secrets that can be stored per UID"
-+msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID"
-
--#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
--#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
--#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
--#: src/tools/sss_usermod.c:173
--msgid "Invalid domain specified in FQDN\n"
--msgstr "Domaine invalide définit dans le FQDN\n"
-+#: src/config/SSSDConfig/sssdoptions.py:135
-+msgid "The maximum payload size of a secret in kilobytes"
-+msgstr "La taille maximale de la charge utile d'un secret en kilo-octets"
-
--#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
--#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
--#: src/tools/sss_usermod.c:226
--msgid "Internal error while parsing parameters\n"
--msgstr "Erreur interne lors de l'analyse des paramètres\n"
-+#: src/config/SSSDConfig/sssdoptions.py:137
-+msgid "The URL Custodia server is listening on"
-+msgstr "L'URL du serveur Custodia est en écoute sur"
-
--#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
--#: src/tools/sss_usermod.c:235
--msgid "Groups must be in the same domain as user\n"
--msgstr "Les groupes doivent être dans le même domaine que l'utilisateur\n"
-+#: src/config/SSSDConfig/sssdoptions.py:138
-+msgid "The method to use when authenticating to a Custodia server"
-+msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia"
-
--#: src/tools/sss_useradd.c:159
--#, c-format
--msgid "Cannot find group %1$s in local domain\n"
--msgstr "Impossible de trouver le groupe %1$s dans le domaine local\n"
-+#: src/config/SSSDConfig/sssdoptions.py:139
-+msgid ""
-+"The name of the headers that will be added into a HTTP request with the "
-+"value defined in auth_header_value"
-+msgstr ""
-+"Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la valeur "
-+"définie dans auth_header_value"
-
--#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
--msgid "Cannot set default values\n"
--msgstr "Impossible de définir les valeurs par défaut\n"
-+#: src/config/SSSDConfig/sssdoptions.py:141
-+msgid "The value sssd-secrets would use for auth_header_name"
-+msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name"
-
--#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
--msgid "The selected UID is outside the allowed range\n"
--msgstr "L'UID sélectionné est en dehors de la plage autorisée\n"
-+#: src/config/SSSDConfig/sssdoptions.py:142
-+msgid ""
-+"The list of the headers to forward to the Custodia server together with the "
-+"request"
-+msgstr ""
-+"La liste des en-têtes à transmettre au serveur Custodia avec la requête"
-
--#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
--msgid "Cannot set SELinux login context\n"
--msgstr "Impossible de définir le contexte de connexion SELinux\n"
-+#: src/config/SSSDConfig/sssdoptions.py:143
-+msgid ""
-+"The username to use when authenticating to a Custodia server using "
-+"basic_auth"
-+msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia "
-+"utilisant basic_auth"
-
--#: src/tools/sss_useradd.c:224
--msgid "Cannot get info about the user\n"
--msgstr "Impossible de trouver les informations sur l'utilisateur\n"
-+#: src/config/SSSDConfig/sssdoptions.py:144
-+msgid ""
-+"The password to use when authenticating to a Custodia server using "
-+"basic_auth"
-+msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia "
-+"utilisant basic_auth"
-
--#: src/tools/sss_useradd.c:236
--msgid "User's home directory already exists, not copying data from skeldir\n"
-+#: src/config/SSSDConfig/sssdoptions.py:145
-+msgid ""
-+"If true peer's certificate is verified if proxy_url uses https protocol"
- msgstr ""
--"Le répertoire de l'utilisateur existe déjà, les données du répertoire "
--"squelette ne sont pas copiées\n"
-+"Le certificat pair true est vérifié si proxy_url utilise le protocole https"
-
--#: src/tools/sss_useradd.c:239
--#, c-format
--msgid "Cannot create user's home directory: %1$s\n"
--msgstr "Impossible de créer le répertoire de l'utilisateur : %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:146
-+msgid ""
-+"If false peer's certificate may contain different hostname than proxy_url "
-+"when https protocol is used"
-+msgstr ""
-+"Le certificat pair false peut contenir un nom d'hôte différent de proxy_url "
-+"lorsque le protocole https est utilisé"
-
--#: src/tools/sss_useradd.c:250
--#, c-format
--msgid "Cannot create user's mail spool: %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:148
-+msgid "Path to directory where certificate authority certificates are stored"
-+msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:149
-+msgid "Path to file containing server's CA certificate"
-+msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:150
-+msgid "Path to file containing client's certificate"
-+msgstr "Chemin d'accès au fichier contenant le certificat du client"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:151
-+msgid "Path to file containing client's private key"
-+msgstr "Chemin d'accès au fichier contenant la clé privée du client"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:154
-+msgid ""
-+"One of the following strings specifying the scope of session recording: none "
-+"- No users are recorded. some - Users/groups specified by users and groups "
-+"options are recorded. all - All users are recorded."
- msgstr ""
--"Impossible de créer le répertoire de réception des messages électroniques "
--"pour l'utilisateur : %1$s\n"
-
--#: src/tools/sss_useradd.c:270
--msgid "Could not allocate ID for the user - domain full?\n"
-+#: src/config/SSSDConfig/sssdoptions.py:157
-+msgid ""
-+"A comma-separated list of users which should have session recording enabled. "
-+"Matches user names as returned by NSS. I.e. after the possible space "
-+"replacement, case changes, etc."
- msgstr ""
--"L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ?\n"
-
--#: src/tools/sss_useradd.c:274
--msgid "A user or group with the same name or ID already exists\n"
--msgstr "Un utilisateur ou groupe avec le même nom ou identifiant existe déjà\n"
-+#: src/config/SSSDConfig/sssdoptions.py:159
-+msgid ""
-+"A comma-separated list of groups, members of which should have session "
-+"recording enabled. Matches group names as returned by NSS. I.e. after the "
-+"possible space replacement, case changes, etc."
-+msgstr ""
-
--#: src/tools/sss_useradd.c:280
--msgid "Transaction error. Could not add user.\n"
--msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:164
-+msgid "Identity provider"
-+msgstr "Fournisseur d'identité"
-
--#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
--msgid "The GID of the group"
--msgstr "Le GID du groupe"
-+#: src/config/SSSDConfig/sssdoptions.py:165
-+msgid "Authentication provider"
-+msgstr "Fournisseur d'authentification"
-
--#: src/tools/sss_groupadd.c:76
--msgid "Specify group to add\n"
--msgstr "Définir le groupe à ajouter\n"
-+#: src/config/SSSDConfig/sssdoptions.py:166
-+msgid "Access control provider"
-+msgstr "Fournisseur de contrôle d'accès"
-
--#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
--msgid "The selected GID is outside the allowed range\n"
--msgstr "Le GID choisit est en dehors de la plage autorisée\n"
-+#: src/config/SSSDConfig/sssdoptions.py:167
-+msgid "Password change provider"
-+msgstr "Fournisseur de changement de mot de passe"
-
--#: src/tools/sss_groupadd.c:143
--msgid "Could not allocate ID for the group - domain full?\n"
--msgstr "Impossible d'allouer l'identifiant du groupe - domaine plein ?\n"
-+#: src/config/SSSDConfig/sssdoptions.py:168
-+msgid "SUDO provider"
-+msgstr "Fournisseur SUDO"
-
--#: src/tools/sss_groupadd.c:147
--msgid "A group with the same name or GID already exists\n"
--msgstr "Un groupe avec le même nom ou GID existe déjà\n"
-+#: src/config/SSSDConfig/sssdoptions.py:169
-+msgid "Autofs provider"
-+msgstr "Fournisseur autofs"
-
--#: src/tools/sss_groupadd.c:153
--msgid "Transaction error. Could not add group.\n"
--msgstr "Erreur de transaction. Impossible d'ajouter le groupe.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:170
-+msgid "Host identity provider"
-+msgstr "Fournisseur d'identité de l'hôte"
-
--#: src/tools/sss_groupdel.c:70
--msgid "Specify group to delete\n"
--msgstr "Spécifier le groupe à supprimer\n"
-+#: src/config/SSSDConfig/sssdoptions.py:171
-+msgid "SELinux provider"
-+msgstr "Fournisseur SELinux"
-
--#: src/tools/sss_groupdel.c:104
--#, c-format
--msgid "Group %1$s is outside the defined ID range for domain\n"
--msgstr ""
--"Le groupe %1$s est en dehors de la plage d'identifiants définie pour le "
--"domaine\n"
-+#: src/config/SSSDConfig/sssdoptions.py:172
-+msgid "Session management provider"
-+msgstr "Fournisseur de gestion de session"
-
--#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
--#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
--#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
--#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
--#, c-format
--msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:173
-+msgid "Resolver provider"
- msgstr ""
--"Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en "
--"mémoire.\n"
-
--#: src/tools/sss_groupdel.c:132
--msgid ""
--"No such group in local domain. Removing groups only allowed in local "
--"domain.\n"
--msgstr ""
--"Aucun groupe dans le domaine local. La suppression de groupes n'est "
--"autorisée que dans le domaine local.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:176
-+msgid "Whether the domain is usable by the OS or by applications"
-+msgstr "Si le domaine est utilisable par l'OS ou par des applications"
-
--#: src/tools/sss_groupdel.c:137
--msgid "Internal error. Could not remove group.\n"
--msgstr "Erreur interne. Impossible de supprimer le groupe.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:177
-+msgid "Minimum user ID"
-+msgstr "Identifiant utilisateur minimum"
-
--#: src/tools/sss_groupmod.c:44
--msgid "Groups to add this group to"
--msgstr "Groupes auxquels ce groupe sera ajouté"
-+#: src/config/SSSDConfig/sssdoptions.py:178
-+msgid "Maximum user ID"
-+msgstr "Identifiant utilisateur maximum"
-
--#: src/tools/sss_groupmod.c:46
--msgid "Groups to remove this group from"
--msgstr "Groupes desquels ce groupe sera retiré"
-+#: src/config/SSSDConfig/sssdoptions.py:179
-+msgid "Enable enumerating all users/groups"
-+msgstr "Activer l'énumération de tous les utilisateurs/groupes"
-
--#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
--msgid "Specify group to remove from\n"
--msgstr "Définir le groupe duquel supprimer\n"
-+#: src/config/SSSDConfig/sssdoptions.py:180
-+msgid "Cache credentials for offline login"
-+msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
-
--#: src/tools/sss_groupmod.c:101
--msgid "Specify group to modify\n"
--msgstr "Définir le groupe à modifier\n"
-+#: src/config/SSSDConfig/sssdoptions.py:181
-+msgid "Display users/groups in fully-qualified form"
-+msgstr ""
-+"Afficher les utilisateurs/groupes dans un format complétement qualifié"
-
--#: src/tools/sss_groupmod.c:130
-+#: src/config/SSSDConfig/sssdoptions.py:182
-+msgid "Don't include group members in group lookups"
-+msgstr ""
-+"Ne pas inclure les membres des groupes dans les recherches de groupes."
-+
-+#: src/config/SSSDConfig/sssdoptions.py:183
-+#: src/config/SSSDConfig/sssdoptions.py:193
-+#: src/config/SSSDConfig/sssdoptions.py:194
-+#: src/config/SSSDConfig/sssdoptions.py:195
-+#: src/config/SSSDConfig/sssdoptions.py:196
-+#: src/config/SSSDConfig/sssdoptions.py:197
-+#: src/config/SSSDConfig/sssdoptions.py:198
-+#: src/config/SSSDConfig/sssdoptions.py:199
-+msgid "Entry cache timeout length (seconds)"
-+msgstr "Durée de validité des entrées en cache (en secondes)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:184
- msgid ""
--"Cannot find group in local domain, modifying groups is allowed only in local "
--"domain\n"
-+"Restrict or prefer a specific address family when performing DNS lookups"
- msgstr ""
--"Impossible de trouver le groupe dans le domaine local, la modification des "
--"groupes n'est autorisée que dans le domaine local\n"
-+"Restreindre ou préférer une famille d'adresses lors des recherches DNS"
-
--#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
--msgid "Member groups must be in the same domain as parent group\n"
-+#: src/config/SSSDConfig/sssdoptions.py:185
-+msgid "How long to keep cached entries after last successful login (days)"
- msgstr ""
--"Les membres du groupe doivent être dans le même domaine que le groupe "
--"parent\n"
-+"Durée de validité des entrées en cache après la dernière connexion réussie "
-+"(en jours)"
-
--#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
--#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:186
- msgid ""
--"Cannot find group %1$s in local domain, only groups in local domain are "
--"allowed\n"
-+"How long should SSSD talk to single DNS server before trying next server "
-+"(miliseconds)"
- msgstr ""
--"Impossible de trouver le groupe %1$s dans le domaine local, seuls les "
--"groupes du domaine local sont autorisés\n"
-+"Combien de temps le SSSD doit-il parler à un seul serveur DNS avant "
-+"d'essayer le serveur suivant (en millisecondes)"
-
--#: src/tools/sss_groupmod.c:257
--msgid "Could not modify group - check if member group names are correct\n"
-+#: src/config/SSSDConfig/sssdoptions.py:188
-+msgid "How long should keep trying to resolve single DNS query (seconds)"
- msgstr ""
--"Impossible de modifier le groupe - vérifier que les noms des groupes membres "
--"sont corrects\n"
-+"Combien de temps faut-il continuer à essayer de résoudre une seule requête "
-+"DNS (en secondes)"
-
--#: src/tools/sss_groupmod.c:261
--msgid "Could not modify group - check if groupname is correct\n"
-+#: src/config/SSSDConfig/sssdoptions.py:189
-+msgid "How long to wait for replies from DNS when resolving servers (seconds)"
- msgstr ""
--"Impossible de modifier le groupe - vérifier que le nom du groupe est "
--"correct\n"
-+"Délai d'attente des réponses du DNS lors de la résolution des serveurs (en "
-+"secondes)"
-
--#: src/tools/sss_groupmod.c:265
--msgid "Transaction error. Could not modify group.\n"
--msgstr "Erreur de transaction. Impossible de modifier le groupe.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:190
-+msgid "The domain part of service discovery DNS query"
-+msgstr "La partie domaine de la requête de découverte de service DNS"
-
--#: src/tools/sss_groupshow.c:616
--msgid "Magic Private "
--msgstr "Magie privée"
-+#: src/config/SSSDConfig/sssdoptions.py:191
-+msgid "Override GID value from the identity provider with this value"
-+msgstr "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
-
--#: src/tools/sss_groupshow.c:615
--#, c-format
--msgid "%1$s%2$sGroup: %3$s\n"
--msgstr "%1$s%2$sGroup: %3$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:192
-+msgid "Treat usernames as case sensitive"
-+msgstr "Considère les noms d'utilisateur comme casse dépendant"
-
--#: src/tools/sss_groupshow.c:618
--#, c-format
--msgid "%1$sGID number: %2$d\n"
--msgstr "%1$s GID numéro : %2$d\n"
-+#: src/config/SSSDConfig/sssdoptions.py:200
-+msgid "How often should expired entries be refreshed in background"
-+msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
-
--#: src/tools/sss_groupshow.c:620
--#, c-format
--msgid "%1$sMember users: "
--msgstr "Utilisateurs membres de %1$s :"
-+#: src/config/SSSDConfig/sssdoptions.py:201
-+msgid "Whether to automatically update the client's DNS entry"
-+msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
-
--#: src/tools/sss_groupshow.c:627
--#, c-format
--msgid ""
--"\n"
--"%1$sIs a member of: "
--msgstr ""
--"\n"
--"%1$s est membre de : "
-+#: src/config/SSSDConfig/sssdoptions.py:202
-+#: src/config/SSSDConfig/sssdoptions.py:232
-+msgid "The TTL to apply to the client's DNS entry after updating it"
-+msgstr "Le TTL à appliquer à l'entrée DNS du client après modification"
-
--#: src/tools/sss_groupshow.c:634
--#, c-format
--msgid ""
--"\n"
--"%1$sMember groups: "
-+#: src/config/SSSDConfig/sssdoptions.py:203
-+#: src/config/SSSDConfig/sssdoptions.py:233
-+msgid "The interface whose IP should be used for dynamic DNS updates"
- msgstr ""
--"\n"
--"Groupes membres de %1$s : "
-+"L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
-+"dynamiques du DNS"
-
--#: src/tools/sss_groupshow.c:670
--msgid "Print indirect group members recursively"
--msgstr "Afficher les membres du groupe indirects récursivement"
-+#: src/config/SSSDConfig/sssdoptions.py:204
-+msgid "How often to periodically update the client's DNS entry"
-+msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client"
-
--#: src/tools/sss_groupshow.c:704
--msgid "Specify group to show\n"
--msgstr "Définir le groupe à afficher\n"
-+#: src/config/SSSDConfig/sssdoptions.py:205
-+msgid "Whether the provider should explicitly update the PTR record as well"
-+msgstr ""
-+"Selon que le fournisseur doit aussi ou non mettre à jour explicitement "
-+"l'enregistrement PTR"
-
--#: src/tools/sss_groupshow.c:744
--msgid ""
--"No such group in local domain. Printing groups only allowed in local "
--"domain.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:206
-+msgid "Whether the nsupdate utility should default to using TCP"
-+msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:207
-+msgid "What kind of authentication should be used to perform the DNS update"
- msgstr ""
--"Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé "
--"que dans le domaine local.\n"
-+"Quel type d'authentification doit être utilisée pour effectuer la mise à "
-+"jour DNS"
-
--#: src/tools/sss_groupshow.c:749
--msgid "Internal error. Could not print group.\n"
--msgstr "Erreur interne. Impossible d'afficher le groupe.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:208
-+msgid "Override the DNS server used to perform the DNS update"
-+msgstr "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS"
-
--#: src/tools/sss_userdel.c:138
--msgid "Remove home directory and mail spool"
--msgstr "Suppression du répertoire personnel et de gestion des mails"
-+#: src/config/SSSDConfig/sssdoptions.py:209
-+msgid "Control enumeration of trusted domains"
-+msgstr "Contrôle l'énumération des domaines approuvés"
-
--#: src/tools/sss_userdel.c:140
--msgid "Do not remove home directory and mail spool"
--msgstr "Ne pas supprimer le répertoire personnel et de gestion des mails"
-+#: src/config/SSSDConfig/sssdoptions.py:210
-+msgid "How often should subdomains list be refreshed"
-+msgstr "Fréquence de rafraîchissement des sous-domaines"
-
--#: src/tools/sss_userdel.c:142
--msgid "Force removal of files not owned by the user"
--msgstr "Forcer la suppression des fichiers n'appartenant pas à l'utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:211
-+msgid "List of options that should be inherited into a subdomain"
-+msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
-
--#: src/tools/sss_userdel.c:144
--msgid "Kill users' processes before removing him"
--msgstr "Tuer les processus de l'utilisateur avant de le supprimer"
-+#: src/config/SSSDConfig/sssdoptions.py:212
-+msgid "Default subdomain homedir value"
-+msgstr "Valeur par défaut du sous-domaine homedir"
-
--#: src/tools/sss_userdel.c:190
--msgid "Specify user to delete\n"
--msgstr "Définir l'utilisateur à supprimer\n"
-+#: src/config/SSSDConfig/sssdoptions.py:213
-+msgid "How long can cached credentials be used for cached authentication"
-+msgstr ""
-+"Combien de temps les informations d'identification en cache peuvent-elles "
-+"être utilisées pour l'authentification en cache"
-
--#: src/tools/sss_userdel.c:236
--#, c-format
--msgid "User %1$s is outside the defined ID range for domain\n"
-+#: src/config/SSSDConfig/sssdoptions.py:214
-+msgid "Whether to automatically create private groups for users"
- msgstr ""
--"L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le "
--"domaine\n"
-+"S'il faut créer automatiquement des groupes privés pour les utilisateurs"
-
--#: src/tools/sss_userdel.c:261
--msgid "Cannot reset SELinux login context\n"
--msgstr "Impossible de réinitialiser le contexte de connexion SELinux\n"
--
--#: src/tools/sss_userdel.c:273
--#, c-format
--msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:215
-+msgid "Display a warning N days before the password expires."
- msgstr ""
--"ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa "
--"suppression.\n"
-
--#: src/tools/sss_userdel.c:278
--msgid "Cannot determine if the user was logged in on this platform"
-+#: src/config/SSSDConfig/sssdoptions.py:216
-+msgid ""
-+"Various tags stored by the realmd configuration service for this domain."
- msgstr ""
--"Impossible de savoir si l'utilisateur était connecté sur cette plateforme"
--
--#: src/tools/sss_userdel.c:283
--msgid "Error while checking if the user was logged in\n"
--msgstr "Erreur en vérifiant si l'utilisateur était connecté\n"
--
--#: src/tools/sss_userdel.c:290
--#, c-format
--msgid "The post-delete command failed: %1$s\n"
--msgstr "La commande post-suppression a échoué : %1$s\n"
-
--#: src/tools/sss_userdel.c:310
--msgid "Not removing home dir - not owned by user\n"
-+#: src/config/SSSDConfig/sssdoptions.py:217
-+msgid ""
-+"The provider which should handle fetching of subdomains. This value should "
-+"be always the same as id_provider."
- msgstr ""
--"Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le "
--"propriétaire\n"
-
--#: src/tools/sss_userdel.c:312
--#, c-format
--msgid "Cannot remove homedir: %1$s\n"
--msgstr "Impossible de supprimer le répertoire utilisateur : %1$s\n"
--
--#: src/tools/sss_userdel.c:326
-+#: src/config/SSSDConfig/sssdoptions.py:219
- msgid ""
--"No such user in local domain. Removing users only allowed in local domain.\n"
-+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
-+"the host key for."
- msgstr ""
--"Aucun utilisateur dans le domaine local. La suppression des utilisateurs "
--"n'est autorisée que dans le domaine local.\n"
--
--#: src/tools/sss_userdel.c:331
--msgid "Internal error. Could not remove user.\n"
--msgstr "Erreur interne. Impossible de supprimer l'utilisateur.\n"
--
--#: src/tools/sss_usermod.c:49
--msgid "The GID of the user"
--msgstr "Le GID de l'utilisateur"
-
--#: src/tools/sss_usermod.c:53
--msgid "Groups to add this user to"
--msgstr "Groupes auxquels ajouter cet utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:221
-+msgid ""
-+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
-+"this value determines the minimal length the first authentication factor "
-+"(long term password) must have to be saved as SHA512 hash into the cache."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:54
--msgid "Groups to remove this user from"
--msgstr "Groupes auxquels enlever cet utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:227
-+msgid "IPA domain"
-+msgstr "Domaine IPA"
-
--#: src/tools/sss_usermod.c:55
--msgid "Lock the account"
--msgstr "Verrouiller le compte"
-+#: src/config/SSSDConfig/sssdoptions.py:228
-+msgid "IPA server address"
-+msgstr "Adresse du serveur IPA"
-
--#: src/tools/sss_usermod.c:56
--msgid "Unlock the account"
--msgstr "Déverrouiller le compte"
-+#: src/config/SSSDConfig/sssdoptions.py:229
-+msgid "Address of backup IPA server"
-+msgstr "Adresse du serveur IPA de secours"
-
--#: src/tools/sss_usermod.c:57
--msgid "Add an attribute/value pair. The format is attrname=value."
--msgstr "Ajouter une paire attribut/valeur. Le format est nom_attribut=valeur."
-+#: src/config/SSSDConfig/sssdoptions.py:230
-+msgid "IPA client hostname"
-+msgstr "Nom de système du client IPA"
-
--#: src/tools/sss_usermod.c:58
--msgid "Delete an attribute/value pair. The format is attrname=value."
-+#: src/config/SSSDConfig/sssdoptions.py:231
-+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
- msgstr ""
--"Supprimer une paire attribut/valeur. Le format est nom_attribut=valeur."
-+"Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA"
-
--#: src/tools/sss_usermod.c:59
-+#: src/config/SSSDConfig/sssdoptions.py:234
-+msgid "Search base for HBAC related objects"
-+msgstr "Base de recherche pour les objets HBAC"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:235
- msgid ""
--"Set an attribute to a name/value pair. The format is attrname=value. For "
--"multi-valued attributes, the command replaces the values already present"
--msgstr ""
--"Définir une paire attribut/valeur. Le format est nom_attribut=valeur. Pour "
--"les attributs multi-valués, la commande remplace les valeurs déjà présentes."
-+"The amount of time between lookups of the HBAC rules against the IPA server"
-+msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
-
--#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
--#: src/tools/sss_usermod.c:135
--msgid "Specify the attribute name/value pair(s)\n"
--msgstr "Indiquer les paires nom d'attributs et valeurs.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:236
-+msgid ""
-+"The amount of time in seconds between lookups of the SELinux maps against "
-+"the IPA server"
-+msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
-
--#: src/tools/sss_usermod.c:152
--msgid "Specify user to modify\n"
--msgstr "Spécifier l'utilisateur à modifier\n"
-+#: src/config/SSSDConfig/sssdoptions.py:238
-+msgid "If set to false, host argument given by PAM will be ignored"
-+msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
-
--#: src/tools/sss_usermod.c:180
--msgid ""
--"Cannot find user in local domain, modifying users is allowed only in local "
--"domain\n"
-+#: src/config/SSSDConfig/sssdoptions.py:239
-+msgid "The automounter location this IPA client is using"
- msgstr ""
--"Impossible de trouver l'utilisateur dans le domaine local, la modification "
--"des utilisateurs n'est autorisée que dans le domaine local\n"
-+"L'emplacement de la carte de montage automatique utilisée par le client IPA"
-
--#: src/tools/sss_usermod.c:322
--msgid "Could not modify user - check if group names are correct\n"
-+#: src/config/SSSDConfig/sssdoptions.py:240
-+msgid "Search base for object containing info about IPA domain"
- msgstr ""
--"Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont "
--"corrects\n"
-+"Base de recherche pour l'objet contenant les informations de base à propos "
-+"du domaine IPA"
-
--#: src/tools/sss_usermod.c:326
--msgid "Could not modify user - user already member of groups?\n"
-+#: src/config/SSSDConfig/sssdoptions.py:241
-+msgid "Search base for objects containing info about ID ranges"
- msgstr ""
--"Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du "
--"groupe ?\n"
-+"Base de recherche pour les objets contenant les informations à propos des "
-+"plages d'ID"
-
--#: src/tools/sss_usermod.c:330
--msgid "Transaction error. Could not modify user.\n"
--msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:242
-+#: src/config/SSSDConfig/sssdoptions.py:296
-+msgid "Enable DNS sites - location based service discovery"
-+msgstr "Activer les sites DNS - découverte de service basée sur l'emplacement"
-
--#: src/tools/sss_cache.c:245
--msgid "No cache object matched the specified search\n"
--msgstr "Aucun object trouvé dans le cache pour la recherche spécifiée\n"
-+#: src/config/SSSDConfig/sssdoptions.py:243
-+msgid "Search base for view containers"
-+msgstr "Base de recherche des conteneurs de vues"
-
--#: src/tools/sss_cache.c:536
--#, c-format
--msgid "Couldn't invalidate %1$s\n"
--msgstr "Impossible d'invalider %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:244
-+msgid "Objectclass for view containers"
-+msgstr "Classe d'objet pour les conteneurs de vues"
-
--#: src/tools/sss_cache.c:543
--#, c-format
--msgid "Couldn't invalidate %1$s %2$s\n"
--msgstr "Impossible d'invalider %1$s %2$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:245
-+msgid "Attribute with the name of the view"
-+msgstr "Attribut avec le nom de la vue"
-
--#: src/tools/sss_cache.c:721
--msgid "Invalidate all cached entries"
--msgstr "Invalidez toutes les entrées en cache"
-+#: src/config/SSSDConfig/sssdoptions.py:246
-+msgid "Objectclass for override objects"
-+msgstr "Classe d'objet surchargeant les objets"
-
--#: src/tools/sss_cache.c:723
--msgid "Invalidate particular user"
--msgstr "Invalider un utilisateur spécifique"
-+#: src/config/SSSDConfig/sssdoptions.py:247
-+msgid "Attribute with the reference to the original object"
-+msgstr "Attribut faisant référence à l'objet originel "
-
--#: src/tools/sss_cache.c:725
--msgid "Invalidate all users"
--msgstr "Invalider tous les utilisateurs"
-+#: src/config/SSSDConfig/sssdoptions.py:248
-+msgid "Objectclass for user override objects"
-+msgstr "Classe d'objet surchargeant les utilisateurs"
-
--#: src/tools/sss_cache.c:727
--msgid "Invalidate particular group"
--msgstr "Invalider un groupe particulier"
-+#: src/config/SSSDConfig/sssdoptions.py:249
-+msgid "Objectclass for group override objects"
-+msgstr "Classe d'objet surchargeant les groupes"
-
--#: src/tools/sss_cache.c:729
--msgid "Invalidate all groups"
--msgstr "Invalider tous les groupes"
-+#: src/config/SSSDConfig/sssdoptions.py:250
-+msgid "Search base for Desktop Profile related objects"
-+msgstr "Base de recherche pour les objets liés au Profil du Bureau"
-
--#: src/tools/sss_cache.c:731
--msgid "Invalidate particular netgroup"
--msgstr "Invalider un groupe réseau particulier"
-+#: src/config/SSSDConfig/sssdoptions.py:251
-+msgid ""
-+"The amount of time in seconds between lookups of the Desktop Profile rules "
-+"against the IPA server"
-+msgstr ""
-+"Le temps, en secondes, entre les consultations des règles du profil du "
-+"bureau sur le serveur IPA"
-
--#: src/tools/sss_cache.c:733
--msgid "Invalidate all netgroups"
--msgstr "Invalider tous les groupes réseau"
-+#: src/config/SSSDConfig/sssdoptions.py:253
-+msgid ""
-+"The amount of time in minutes between lookups of Desktop Profiles rules "
-+"against the IPA server when the last request did not find any rule"
-+msgstr ""
-+"Le temps en minutes entre les consultations des règles de profile de bureau "
-+"sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle"
-
--#: src/tools/sss_cache.c:735
--msgid "Invalidate particular service"
--msgstr "Invalidation d'un service particulier"
-+#: src/config/SSSDConfig/sssdoptions.py:256
-+msgid "The LDAP attribute that contains FQDN of the host."
-+msgstr ""
-
--#: src/tools/sss_cache.c:737
--msgid "Invalidate all services"
--msgstr "Invalidation de tous les services"
-+#: src/config/SSSDConfig/sssdoptions.py:257
-+#: src/config/SSSDConfig/sssdoptions.py:280
-+msgid "The object class of a host entry in LDAP."
-+msgstr ""
-
--#: src/tools/sss_cache.c:740
--msgid "Invalidate particular autofs map"
--msgstr "Invalidation d'une carte autofs particulière"
-+#: src/config/SSSDConfig/sssdoptions.py:258
-+msgid "Use the given string as search base for host objects."
-+msgstr ""
-
--#: src/tools/sss_cache.c:742
--msgid "Invalidate all autofs maps"
--msgstr "Invalidation de toutes les cartes autofs"
-+#: src/config/SSSDConfig/sssdoptions.py:259
-+msgid "The LDAP attribute that contains the host's SSH public keys."
-+msgstr ""
-
--#: src/tools/sss_cache.c:746
--msgid "Invalidate particular SSH host"
--msgstr "Invalider un hôte SSH particulier"
-+#: src/config/SSSDConfig/sssdoptions.py:260
-+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-+msgstr ""
-
--#: src/tools/sss_cache.c:748
--msgid "Invalidate all SSH hosts"
--msgstr "Invalider tous les hôtes SSH"
-+#: src/config/SSSDConfig/sssdoptions.py:261
-+msgid "The LDAP attribute that contains the names of the netgroup's members."
-+msgstr ""
-
--#: src/tools/sss_cache.c:752
--msgid "Invalidate particular sudo rule"
--msgstr "Invalider une règle sudo particulière"
-+#: src/config/SSSDConfig/sssdoptions.py:262
-+msgid ""
-+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-+"members of the netgroup."
-+msgstr ""
-
--#: src/tools/sss_cache.c:754
--msgid "Invalidate all cached sudo rules"
--msgstr "Invalider toutes les règles sudo en cache"
-+#: src/config/SSSDConfig/sssdoptions.py:264
-+msgid ""
-+"The LDAP attribute that lists hosts and host groups that are direct members "
-+"of the netgroup."
-+msgstr ""
-
--#: src/tools/sss_cache.c:757
--msgid "Only invalidate entries from a particular domain"
--msgstr "N'invalider des entrées que d'un domaine spécifique"
-+#: src/config/SSSDConfig/sssdoptions.py:266
-+msgid "The LDAP attribute that lists netgroup's memberships."
-+msgstr ""
-
--#: src/tools/sss_cache.c:811
-+#: src/config/SSSDConfig/sssdoptions.py:267
- msgid ""
--"Unexpected argument(s) provided, options that invalidate a single object "
--"only accept a single provided argument.\n"
-+"The LDAP attribute that lists system users and groups that are direct "
-+"members of the netgroup."
- msgstr ""
--"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet "
--"n'acceptent qu'un seul argument fourni.\n"
-
--#: src/tools/sss_cache.c:821
--msgid "Please select at least one object to invalidate\n"
--msgstr "Merci de sélectionner au moins un objet à invalider\n"
-+#: src/config/SSSDConfig/sssdoptions.py:269
-+msgid "The LDAP attribute that corresponds to the netgroup name."
-+msgstr ""
-
--#: src/tools/sss_cache.c:904
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:270
-+msgid "The object class of a netgroup entry in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:271
- msgid ""
--"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
--"use fully qualified name instead of --domain/-d parameter.\n"
-+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
- msgstr ""
--"Impossible d'ouvrir le domaine %1$s. Si le domaine est un sous-domaine "
--"(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre "
--"--domain/-d.\n"
-
--#: src/tools/sss_cache.c:909
--msgid "Could not open available domains\n"
--msgstr "Impossible d'ouvrir aucun des domaines disponibles\n"
-+#: src/config/SSSDConfig/sssdoptions.py:272
-+msgid ""
-+"The LDAP attribute that contains whether or not is user map enabled for "
-+"usage."
-+msgstr ""
-
--#: src/tools/tools_util.c:202
--#, c-format
--msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
-+#: src/config/SSSDConfig/sssdoptions.py:274
-+msgid "The LDAP attribute that contains host category such as 'all'."
- msgstr ""
--"Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n"
-
--#: src/tools/tools_util.c:309
--msgid "Out of memory\n"
--msgstr "Mémoire saturée\n"
-+#: src/config/SSSDConfig/sssdoptions.py:275
-+msgid ""
-+"The LDAP attribute that contains all hosts / hostgroups this rule match "
-+"against."
-+msgstr ""
-
--#: src/tools/tools_util.h:40
--#, c-format
--msgid "%1$s must be run as root\n"
--msgstr "%1$s doit être lancé en tant que root\n"
-+#: src/config/SSSDConfig/sssdoptions.py:277
-+msgid ""
-+"The LDAP attribute that contains all users / groups this rule match against."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:35
--msgid "yes"
--msgstr "oui"
-+#: src/config/SSSDConfig/sssdoptions.py:279
-+msgid "The LDAP attribute that contains the name of SELinux usermap."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:37
--msgid "no"
--msgstr "non"
-+#: src/config/SSSDConfig/sssdoptions.py:281
-+msgid ""
-+"The LDAP attribute that contains DN of HBAC rule which can be used for "
-+"matching instead of memberUser and memberHost."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:39
--msgid "error"
--msgstr "erreur"
-+#: src/config/SSSDConfig/sssdoptions.py:283
-+msgid "The LDAP attribute that contains SELinux user string itself."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:42
--msgid "Invalid result."
--msgstr "Résultat non valide."
-+#: src/config/SSSDConfig/sssdoptions.py:284
-+msgid "The LDAP attribute that contains user category such as 'all'."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:78
--msgid "Unable to read user input\n"
--msgstr "Impossible de lire l'entrée de l'utilisateur\n"
-+#: src/config/SSSDConfig/sssdoptions.py:285
-+msgid "The LDAP attribute that contains unique ID of the user map."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:91
--#, c-format
--msgid "Invalid input, please provide either '%s' or '%s'.\n"
--msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:286
-+msgid ""
-+"The option denotes that the SSSD is running on IPA server and should perform "
-+"lookups of users and groups from trusted domains differently."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
--msgid "Error while executing external command\n"
--msgstr "Erreur lors de l'exécution d'une commande externe\n"
-+#: src/config/SSSDConfig/sssdoptions.py:288
-+msgid "Use the given string as search base for trusted domains."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl.c:156
--msgid "SSSD needs to be running. Start SSSD now?"
--msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?"
-+#: src/config/SSSDConfig/sssdoptions.py:291
-+msgid "Active Directory domain"
-+msgstr "Domaine Active Directory"
-
--#: src/tools/sssctl/sssctl.c:195
--msgid "SSSD must not be running. Stop SSSD now?"
--msgstr ""
--"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?"
-+#: src/config/SSSDConfig/sssdoptions.py:292
-+msgid "Enabled Active Directory domains"
-+msgstr "Domaine d’Active Directory activés"
-
--#: src/tools/sssctl/sssctl.c:231
--msgid "SSSD needs to be restarted. Restart SSSD now?"
--msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?"
-+#: src/config/SSSDConfig/sssdoptions.py:293
-+msgid "Active Directory server address"
-+msgstr "Adresse du serveur Active Directory"
-
--#: src/tools/sssctl/sssctl_cache.c:31
--#, c-format
--msgid " %s is not present in cache.\n"
--msgstr " %s n'est pas présent dans le cache.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:294
-+msgid "Active Directory backup server address"
-+msgstr "Adresse du serveur Active Directory de secours"
-
--#: src/tools/sssctl/sssctl_cache.c:33
--msgid "Name"
--msgstr "Nom"
-+#: src/config/SSSDConfig/sssdoptions.py:295
-+msgid "Active Directory client hostname"
-+msgstr "Nom de système du client Active Directory"
-
--#: src/tools/sssctl/sssctl_cache.c:34
--msgid "Cache entry creation date"
--msgstr "Date de création de l'entrée en cache"
-+#: src/config/SSSDConfig/sssdoptions.py:297
-+#: src/config/SSSDConfig/sssdoptions.py:488
-+msgid "LDAP filter to determine access privileges"
-+msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
-
--#: src/tools/sssctl/sssctl_cache.c:35
--msgid "Cache entry last update time"
--msgstr "Heure de la dernière mise à jour de l'entrée du cache"
--
--#: src/tools/sssctl/sssctl_cache.c:36
--msgid "Cache entry expiration time"
--msgstr "Temps d'expiration de l'entrée du cache"
--
--#: src/tools/sssctl/sssctl_cache.c:37
--msgid "Cached in InfoPipe"
--msgstr "Mise en cache dans InfoPipe"
--
--#: src/tools/sssctl/sssctl_cache.c:522
--#, c-format
--msgid "Error: Unable to get object [%d]: %s\n"
--msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:298
-+msgid "Whether to use the Global Catalog for lookups"
-+msgstr "Choisir d'utiliser ou non le catalogue global pour les recherches"
-
--#: src/tools/sssctl/sssctl_cache.c:538
--#, c-format
--msgid "%s: Unable to read value [%d]: %s\n"
--msgstr "%s: Impossible de lire la valeur [%d] : %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:299
-+msgid "Operation mode for GPO-based access control"
-+msgstr "Mode opératoire pour les contrôles d'accès basé sur les GPO"
-
--#: src/tools/sssctl/sssctl_cache.c:566
--msgid "Specify name."
--msgstr "Indiquez le nom."
-+#: src/config/SSSDConfig/sssdoptions.py:300
-+msgid ""
-+"The amount of time between lookups of the GPO policy files against the AD "
-+"server"
-+msgstr ""
-+"Durée entre les recherches de fichiers de politiques de GPO dans le serveur "
-+"AD"
-
--#: src/tools/sssctl/sssctl_cache.c:576
--#, c-format
--msgid "Unable to parse name %s.\n"
--msgstr "Impossible d'analyser le nom %s.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:301
-+msgid ""
-+"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
-+"settings"
-+msgstr ""
-+"Noms de services PAM correspondant à la configuration de la politique "
-+"(Deny)InteractiveLogonRight de la GPO"
-
--#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
--msgid "Search by SID"
--msgstr "Recherche par SID"
-+#: src/config/SSSDConfig/sssdoptions.py:303
-+msgid ""
-+"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
-+"policy settings"
-+msgstr ""
-+"Noms de services PAM correspondant à la configuration de la politique "
-+"(Deny)RemoteInteractiveLogonRight de la GPO"
-
--#: src/tools/sssctl/sssctl_cache.c:603
--msgid "Search by user ID"
--msgstr "Recherche par ID utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:305
-+msgid ""
-+"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
-+"settings"
-+msgstr ""
-+"Noms de services PAM correspondant à la configuration de la politique "
-+"(Deny)NetworkLogonRight de la GPO"
-
--#: src/tools/sssctl/sssctl_cache.c:612
--msgid "Initgroups expiration time"
--msgstr "Délai d'expiration des initgroups"
-+#: src/config/SSSDConfig/sssdoptions.py:306
-+msgid ""
-+"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
-+msgstr ""
-+"Noms de services PAM correspondant à la configuration de la politique "
-+"(Deny)BatchLogonRight de la GPO"
-
--#: src/tools/sssctl/sssctl_cache.c:650
--msgid "Search by group ID"
--msgstr "Recherche par ID de groupe"
-+#: src/config/SSSDConfig/sssdoptions.py:307
-+msgid ""
-+"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
-+"settings"
-+msgstr ""
-+"Noms de services PAM correspondant à la configuration de la politique "
-+"(Deny)ServiceLogonRight de la GPO"
-
--#: src/tools/sssctl/sssctl_config.c:70
--#, c-format
--msgid "Failed to open %s\n"
--msgstr "N’a pas pu ouvrir %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:308
-+msgid "PAM service names for which GPO-based access is always granted"
-+msgstr ""
-+"Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
-+"toujours autorisés"
-
--#: src/tools/sssctl/sssctl_config.c:75
--#, c-format
--msgid "File %1$s does not exist.\n"
--msgstr "Le fichier %1$s n’existe pas.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:309
-+msgid "PAM service names for which GPO-based access is always denied"
-+msgstr ""
-+"Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
-+"toujours interdits"
-
--#: src/tools/sssctl/sssctl_config.c:79
-+#: src/config/SSSDConfig/sssdoptions.py:310
- msgid ""
--"File ownership and permissions check failed. Expected root:root and 0600.\n"
-+"Default logon right (or permit/deny) to use for unmapped PAM service names"
- msgstr ""
--"La vérification de la propriété et des permissions des fichiers a échoué. "
--"Attendue : root:root et 0600.\n"
--
--#: src/tools/sssctl/sssctl_config.c:85
--#, fuzzy, c-format
--msgid "Failed to load configuration from %s.\n"
--msgstr "Echec du chargement de la configuration à partir de %s.\n"
-+"Droit de connexion par défaut (ou permission/interdiction) à utiliser pour "
-+"les noms de services sans correspondance"
-
--#: src/tools/sssctl/sssctl_config.c:91
--msgid "Error while reading configuration directory.\n"
--msgstr "Erreur lors de la lecture du répertoire de configuration.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:311
-+msgid "a particular site to be used by the client"
-+msgstr "un site particulier utilisé par le client"
-
--#: src/tools/sssctl/sssctl_config.c:99
-+#: src/config/SSSDConfig/sssdoptions.py:312
- msgid ""
--"There is no configuration. SSSD will use default configuration with files "
--"provider.\n"
-+"Maximum age in days before the machine account password should be renewed"
- msgstr ""
--"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut "
--"avec le fournisseur de fichiers.\n"
-+"Âge maximum en jours avant que le mot de passe du compte de la machine ne "
-+"soit renouvelé"
-
--#: src/tools/sssctl/sssctl_config.c:111
--msgid "Failed to run validators"
--msgstr "Échec de l'exécution des validateurs"
-+#: src/config/SSSDConfig/sssdoptions.py:314
-+msgid "Option for tuning the machine account renewal task"
-+msgstr "Option de réglage de la tâche de renouvellement du compte machine"
-
--#: src/tools/sssctl/sssctl_config.c:115
--#, c-format
--msgid "Issues identified by validators: %zu\n"
--msgstr "Problèmes identifiés par les validateurs : %zu\n"
-+#: src/config/SSSDConfig/sssdoptions.py:315
-+msgid "Whether to update the machine account password in the Samba database"
-+msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:126
--#, c-format
--msgid "Messages generated during configuration merging: %zu\n"
--msgstr "Messages générés lors de la fusion des configurations : %zu\n"
-+#: src/config/SSSDConfig/sssdoptions.py:317
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr "Utiliser le port LDAPS pour les requêtes LDAP et Catalogue global"
-
--#: src/tools/sssctl/sssctl_config.c:137
--#, c-format
--msgid "Used configuration snippet files: %zu\n"
--msgstr "Fichiers de configuration utilisés : %zu\n"
-+#: src/config/SSSDConfig/sssdoptions.py:320
-+#: src/config/SSSDConfig/sssdoptions.py:321
-+msgid "Kerberos server address"
-+msgstr "Adresse du serveur Kerberos"
-
--#: src/tools/sssctl/sssctl_data.c:89
--#, c-format
--msgid "Unable to create backup directory [%d]: %s"
--msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
-+#: src/config/SSSDConfig/sssdoptions.py:322
-+msgid "Kerberos backup server address"
-+msgstr "Adresse du serveur Kerberos de secours"
-
--#: src/tools/sssctl/sssctl_data.c:95
--msgid "SSSD backup of local data already exists, override?"
--msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?"
-+#: src/config/SSSDConfig/sssdoptions.py:323
-+msgid "Kerberos realm"
-+msgstr "Domaine Kerberos"
-
--#: src/tools/sssctl/sssctl_data.c:111
--msgid "Unable to export user overrides\n"
--msgstr "Impossible d'exporter les substitutions d'utilisateur\n"
-+#: src/config/SSSDConfig/sssdoptions.py:324
-+msgid "Authentication timeout"
-+msgstr "Délai avant expiration de l'authentification"
-
--#: src/tools/sssctl/sssctl_data.c:118
--msgid "Unable to export group overrides\n"
--msgstr "Impossible d'exporter les substitutions de groupes\n"
-+#: src/config/SSSDConfig/sssdoptions.py:325
-+msgid "Whether to create kdcinfo files"
-+msgstr "Choisir de créer ou non les fichiers kdcinfo"
-
--#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
--msgid "Override existing backup"
--msgstr "Remplacer la sauvegarde existante"
-+#: src/config/SSSDConfig/sssdoptions.py:326
-+msgid "Where to drop krb5 config snippets"
-+msgstr "Où déposer les extraits de configuration krb5"
-
--#: src/tools/sssctl/sssctl_data.c:164
--msgid "Unable to import user overrides\n"
--msgstr "Impossible d'importer les substitutions d'utilisateur\n"
-+#: src/config/SSSDConfig/sssdoptions.py:329
-+msgid "Directory to store credential caches"
-+msgstr "Répertoire pour stocker les caches de crédits"
-
--#: src/tools/sssctl/sssctl_data.c:173
--msgid "Unable to import group overrides\n"
--msgstr "Impossible d'importer les substitutions de groupes\n"
-+#: src/config/SSSDConfig/sssdoptions.py:330
-+msgid "Location of the user's credential cache"
-+msgstr "Emplacement du cache de crédits de l'utilisateur"
-
--#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
--#: src/tools/sssctl/sssctl_domains.c:328
--msgid "Start SSSD if it is not running"
--msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution"
-+#: src/config/SSSDConfig/sssdoptions.py:331
-+msgid "Location of the keytab to validate credentials"
-+msgstr "Emplacement du fichier keytab de validation des crédits"
-
--#: src/tools/sssctl/sssctl_data.c:195
--msgid "Restart SSSD after data import"
--msgstr "Redémarrer SSSD après l'importation des données"
-+#: src/config/SSSDConfig/sssdoptions.py:332
-+msgid "Enable credential validation"
-+msgstr "Activer la validation des crédits"
-
--#: src/tools/sssctl/sssctl_data.c:218
--msgid "Create clean cache files and import local data"
--msgstr "Créer des fichiers de cache propres et importer des données locales"
-+#: src/config/SSSDConfig/sssdoptions.py:333
-+msgid "Store password if offline for later online authentication"
-+msgstr ""
-+"Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
-+"en ligne"
-
--#: src/tools/sssctl/sssctl_data.c:219
--msgid "Stop SSSD before removing the cache"
--msgstr "Arrêtez SSSD avant de supprimer le cache"
-+#: src/config/SSSDConfig/sssdoptions.py:334
-+msgid "Renewable lifetime of the TGT"
-+msgstr "Durée de vie renouvelable du TGT"
-
--#: src/tools/sssctl/sssctl_data.c:220
--msgid "Start SSSD when the cache is removed"
--msgstr "Démarrer SSSD lorsque le cache est supprimé"
-+#: src/config/SSSDConfig/sssdoptions.py:335
-+msgid "Lifetime of the TGT"
-+msgstr "Durée de vie du TGT"
-
--#: src/tools/sssctl/sssctl_data.c:235
--msgid "Creating backup of local data...\n"
--msgstr "Création d'une sauvegarde des données locales...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:336
-+msgid "Time between two checks for renewal"
-+msgstr "Durée entre deux vérifications pour le renouvellement"
-
--#: src/tools/sssctl/sssctl_data.c:238
--msgid "Unable to create backup of local data, can not remove the cache.\n"
--msgstr ""
--"Impossible de créer une sauvegarde des données locales, impossible de "
--"supprimer le cache.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:337
-+msgid "Enables FAST"
-+msgstr "Active FAST"
-
--#: src/tools/sssctl/sssctl_data.c:243
--msgid "Removing cache files...\n"
--msgstr "Suppression des fichiers de cache...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:338
-+msgid "Selects the principal to use for FAST"
-+msgstr "Sélectionne le principal à utiliser avec FAST"
-
--#: src/tools/sssctl/sssctl_data.c:246
--msgid "Unable to remove cache files\n"
--msgstr "Impossible de supprimer les fichiers de cache\n"
-+#: src/config/SSSDConfig/sssdoptions.py:339
-+msgid "Enables principal canonicalization"
-+msgstr "Active la canonisation du principal"
-
--#: src/tools/sssctl/sssctl_data.c:251
--msgid "Restoring local data...\n"
--msgstr "Restauration des données locales...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:340
-+msgid "Enables enterprise principals"
-+msgstr "Active les principals d'entreprise"
-
--#: src/tools/sssctl/sssctl_domains.c:83
--msgid "Show domain list including primary or trusted domain type"
-+#: src/config/SSSDConfig/sssdoptions.py:341
-+msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
--"Afficher la liste des domaines, y compris le type de domaine principal ou de "
--"confiance"
-+"Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos"
-
--#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
--#: src/tools/sssctl/sssctl_user_checks.c:95
--msgid "Unable to connect to system bus!\n"
--msgstr "Impossible de se connecter au bus système !\n"
-+#: src/config/SSSDConfig/sssdoptions.py:344
-+#: src/config/SSSDConfig/sssdoptions.py:345
-+msgid "Server where the change password service is running if not on the KDC"
-+msgstr ""
-+"Serveur où tourne le service de changement de mot de passe s'il n'est pas "
-+"sur le KDC"
-
--#: src/tools/sssctl/sssctl_domains.c:167
--msgid "Online"
--msgstr "En ligne"
-+#: src/config/SSSDConfig/sssdoptions.py:348
-+msgid "ldap_uri, The URI of the LDAP server"
-+msgstr "ldap_uri, l'adresse du serveur LDAP"
-
--#: src/tools/sssctl/sssctl_domains.c:167
--msgid "Offline"
--msgstr "Hors ligne"
-+#: src/config/SSSDConfig/sssdoptions.py:349
-+msgid "ldap_backup_uri, The URI of the LDAP server"
-+msgstr "ldap_backup_uri, l'URI du serveur LDAP"
-
--#: src/tools/sssctl/sssctl_domains.c:167
--#, c-format
--msgid "Online status: %s\n"
--msgstr "Statut en ligne : %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:350
-+msgid "The default base DN"
-+msgstr "La base DN par défaut"
-
--#: src/tools/sssctl/sssctl_domains.c:213
--msgid "This domain has no active servers.\n"
--msgstr "Ce domaine n'a pas de serveurs actifs.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:351
-+msgid "The Schema Type in use on the LDAP server, rfc2307"
-+msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
-
--#: src/tools/sssctl/sssctl_domains.c:218
--msgid "Active servers:\n"
--msgstr "Serveurs actifs :\n"
-+#: src/config/SSSDConfig/sssdoptions.py:352
-+msgid "Mode used to change user password"
-+msgstr "Mode utilisé pour modifier le mot de passe utilisateur"
-
--#: src/tools/sssctl/sssctl_domains.c:230
--msgid "not connected"
--msgstr "non connecté"
-+#: src/config/SSSDConfig/sssdoptions.py:353
-+msgid "The default bind DN"
-+msgstr "Le DN de connexion par défaut"
-
--#: src/tools/sssctl/sssctl_domains.c:267
--msgid "No servers discovered.\n"
--msgstr "Aucun serveur découvert.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:354
-+msgid "The type of the authentication token of the default bind DN"
-+msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
-
--#: src/tools/sssctl/sssctl_domains.c:273
--#, c-format
--msgid "Discovered %s servers:\n"
--msgstr "%s serveurs découverts :\n"
-+#: src/config/SSSDConfig/sssdoptions.py:355
-+msgid "The authentication token of the default bind DN"
-+msgstr "Le jeton d'authentification du DN de connexion par défaut"
-
--#: src/tools/sssctl/sssctl_domains.c:285
--msgid "None so far.\n"
--msgstr "Aucun pour l'instant.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:356
-+msgid "Length of time to attempt connection"
-+msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
-
--#: src/tools/sssctl/sssctl_domains.c:325
--msgid "Show online status"
--msgstr "Afficher le statut en ligne"
-+#: src/config/SSSDConfig/sssdoptions.py:357
-+msgid "Length of time to attempt synchronous LDAP operations"
-+msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
-
--#: src/tools/sssctl/sssctl_domains.c:326
--msgid "Show information about active server"
--msgstr "Afficher les informations sur le serveur actif"
-+#: src/config/SSSDConfig/sssdoptions.py:358
-+msgid "Length of time between attempts to reconnect while offline"
-+msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
-
--#: src/tools/sssctl/sssctl_domains.c:327
--msgid "Show list of discovered servers"
--msgstr "Afficher la liste des serveurs découverts"
-+#: src/config/SSSDConfig/sssdoptions.py:359
-+msgid "Use only the upper case for realm names"
-+msgstr "N'utiliser que des majuscules pour les noms de domaine"
-
--#: src/tools/sssctl/sssctl_domains.c:333
--msgid "Specify domain name."
--msgstr "Indiquer le nom de domaine."
-+#: src/config/SSSDConfig/sssdoptions.py:360
-+msgid "File that contains CA certificates"
-+msgstr "Fichier contenant les certificats des CA"
-
--#: src/tools/sssctl/sssctl_domains.c:355
--msgid "Out of memory!\n"
--msgstr "Plus de mémoire disponible !\n"
-+#: src/config/SSSDConfig/sssdoptions.py:361
-+msgid "Path to CA certificate directory"
-+msgstr "Chemin vers le répertoire de certificats des CA"
-
--#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
--msgid "Unable to get online status\n"
--msgstr "Impossible d'obtenir le statut en ligne\n"
-+#: src/config/SSSDConfig/sssdoptions.py:362
-+msgid "File that contains the client certificate"
-+msgstr "Fichier contenant le certificat client"
-
--#: src/tools/sssctl/sssctl_domains.c:395
--msgid "Unable to get server list\n"
--msgstr "Impossible d'obtenir la liste des serveurs\n"
-+#: src/config/SSSDConfig/sssdoptions.py:363
-+msgid "File that contains the client key"
-+msgstr "Fichier contenant la clé du client"
-
--#: src/tools/sssctl/sssctl_logs.c:46
--msgid "\n"
--msgstr "\n"
-+#: src/config/SSSDConfig/sssdoptions.py:364
-+msgid "List of possible ciphers suites"
-+msgstr "Liste des suites de chiffrement possibles"
-
--#: src/tools/sssctl/sssctl_logs.c:236
--msgid "Delete log files instead of truncating"
--msgstr "Supprimer les fichiers de log au lieu de tronquer"
-+#: src/config/SSSDConfig/sssdoptions.py:365
-+msgid "Require TLS certificate verification"
-+msgstr "Requiert une vérification de certificat TLS"
-
--#: src/tools/sssctl/sssctl_logs.c:247
--msgid "Deleting log files...\n"
--msgstr "Suppression des fichiers journaux...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:366
-+msgid "Specify the sasl mechanism to use"
-+msgstr "Spécifier le mécanisme SASL à utiliser"
-
--#: src/tools/sssctl/sssctl_logs.c:250
--msgid "Unable to remove log files\n"
--msgstr "Impossible de supprimer les fichiers journaux\n"
-+#: src/config/SSSDConfig/sssdoptions.py:367
-+msgid "Specify the sasl authorization id to use"
-+msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
-
--#: src/tools/sssctl/sssctl_logs.c:256
--msgid "Truncating log files...\n"
--msgstr "Troncature des fichiers de journalisation...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:368
-+msgid "Specify the sasl authorization realm to use"
-+msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
-
--#: src/tools/sssctl/sssctl_logs.c:259
--msgid "Unable to truncate log files\n"
--msgstr "Impossible de tronquer les fichiers de journalisation\n"
-+#: src/config/SSSDConfig/sssdoptions.py:369
-+msgid "Specify the minimal SSF for LDAP sasl authorization"
-+msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-
--#: src/tools/sssctl/sssctl_logs.c:285
--msgid "Out of memory!"
--msgstr "Plus de mémoire disponible !"
-+#: src/config/SSSDConfig/sssdoptions.py:370
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Spécifie le SFF maximal pour l'autorisation sasl LDAP"
-
--#: src/tools/sssctl/sssctl_logs.c:288
--#, c-format
--msgid "Archiving log files into %s...\n"
--msgstr "Archivage des fichiers journaux dans %s...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:371
-+msgid "Kerberos service keytab"
-+msgstr "Service du fichier keytab de Kerberos"
-
--#: src/tools/sssctl/sssctl_logs.c:291
--msgid "Unable to archive log files\n"
--msgstr "Impossible d'archiver les fichiers journaux\n"
-+#: src/config/SSSDConfig/sssdoptions.py:372
-+msgid "Use Kerberos auth for LDAP connection"
-+msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
-
--#: src/tools/sssctl/sssctl_logs.c:316
--msgid "Specify debug level you want to set"
--msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
-+#: src/config/SSSDConfig/sssdoptions.py:373
-+msgid "Follow LDAP referrals"
-+msgstr "Suivre les référents LDAP"
-
--#: src/tools/sssctl/sssctl_user_checks.c:117
--msgid "SSSD InfoPipe user lookup result:\n"
--msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n"
-+#: src/config/SSSDConfig/sssdoptions.py:374
-+msgid "Lifetime of TGT for LDAP connection"
-+msgstr "Durée de vie du TGT pour la connexion LDAP"
-
--#: src/tools/sssctl/sssctl_user_checks.c:167
--#, c-format
--msgid "dlopen failed with [%s].\n"
--msgstr "dlopen a échoué avec [%s].\n"
-+#: src/config/SSSDConfig/sssdoptions.py:375
-+msgid "How to dereference aliases"
-+msgstr "Comment déréférencer les alias"
-
--#: src/tools/sssctl/sssctl_user_checks.c:174
--#, c-format
--msgid "dlsym failed with [%s].\n"
--msgstr "dlopen a échoué avec [%s].\n"
-+#: src/config/SSSDConfig/sssdoptions.py:376
-+msgid "Service name for DNS service lookups"
-+msgstr "Nom du service pour les recherches DNS"
-
--#: src/tools/sssctl/sssctl_user_checks.c:182
--msgid "malloc failed.\n"
--msgstr "malloc a échoué.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:377
-+msgid "The number of records to retrieve in a single LDAP query"
-+msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
-
--#: src/tools/sssctl/sssctl_user_checks.c:189
--#, c-format
--msgid "sss_getpwnam_r failed with [%d].\n"
--msgstr "sss_getpwnam_r a échoué avec [%d].\n"
-+#: src/config/SSSDConfig/sssdoptions.py:378
-+msgid "The number of members that must be missing to trigger a full deref"
-+msgstr ""
-+"Nombre de membres qui doivent être manquants pour activer un déréférencement "
-+"complet"
-
--#: src/tools/sssctl/sssctl_user_checks.c:194
--msgid "SSSD nss user lookup result:\n"
--msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n"
-+#: src/config/SSSDConfig/sssdoptions.py:379
-+msgid ""
-+"Whether the LDAP library should perform a reverse lookup to canonicalize the "
-+"host name during a SASL bind"
-+msgstr ""
-+"Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
-+"nom d'hôte pendant une connexion SASL ?"
-
--#: src/tools/sssctl/sssctl_user_checks.c:195
--#, c-format
--msgid " - user name: %s\n"
--msgstr " - user name: %s\n"
--
--#: src/tools/sssctl/sssctl_user_checks.c:196
--#, c-format
--msgid " - user id: %d\n"
--msgstr " - user id: %d\n"
--
--#: src/tools/sssctl/sssctl_user_checks.c:197
--#, c-format
--msgid " - group id: %d\n"
--msgstr " - group id: %d\n"
-+#: src/config/SSSDConfig/sssdoptions.py:381
-+msgid ""
-+"Allows to retain local users as members of an LDAP group for servers that "
-+"use the RFC2307 schema."
-+msgstr ""
-
--#: src/tools/sssctl/sssctl_user_checks.c:198
--#, c-format
--msgid " - gecos: %s\n"
--msgstr " - gecos: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:384
-+msgid "entryUSN attribute"
-+msgstr "attribut entryUSN"
-
--#: src/tools/sssctl/sssctl_user_checks.c:199
--#, c-format
--msgid " - home directory: %s\n"
--msgstr " - home directory: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:385
-+msgid "lastUSN attribute"
-+msgstr "attribut lastUSN"
-
--#: src/tools/sssctl/sssctl_user_checks.c:200
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:387
- msgid ""
--" - shell: %s\n"
--"\n"
-+"How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
--" - shell: %s\n"
--"\n"
-+"Combien de temps conserver la connexion au serveur LDAP avant de se "
-+"déconnecter"
-
--#: src/tools/sssctl/sssctl_user_checks.c:232
--msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
--msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : "
-+#: src/config/SSSDConfig/sssdoptions.py:390
-+msgid "Disable the LDAP paging control"
-+msgstr "Désactiver le contrôle des pages LDAP"
-
--#: src/tools/sssctl/sssctl_user_checks.c:235
--msgid "PAM service, default: "
--msgstr "Service PAM, par défaut : "
-+#: src/config/SSSDConfig/sssdoptions.py:391
-+msgid "Disable Active Directory range retrieval"
-+msgstr "Désactiver la récupération de plage Active Directory."
-
--#: src/tools/sssctl/sssctl_user_checks.c:240
--msgid "Specify user name."
--msgstr "Spécifiez le nom d'utilisateur."
-+#: src/config/SSSDConfig/sssdoptions.py:394
-+msgid "Length of time to wait for a search request"
-+msgstr "Durée d'attente pour une requête de recherche"
-
--#: src/tools/sssctl/sssctl_user_checks.c:247
--#, c-format
--msgid ""
--"user: %s\n"
--"action: %s\n"
--"service: %s\n"
--"\n"
--msgstr ""
--"utilisateur: %s\n"
--"action: %s\n"
--"service: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:395
-+msgid "Length of time to wait for a enumeration request"
-+msgstr "Durée d'attente pour une requête d'énumération"
-
--#: src/tools/sssctl/sssctl_user_checks.c:252
--#, c-format
--msgid "User name lookup with [%s] failed.\n"
--msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:396
-+msgid "Length of time between enumeration updates"
-+msgstr "Durée entre deux mises à jour d'énumération"
-
--#: src/tools/sssctl/sssctl_user_checks.c:257
--#, c-format
--msgid "InfoPipe User lookup with [%s] failed.\n"
--msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:397
-+msgid "Length of time between cache cleanups"
-+msgstr "Durée entre les nettoyages de cache"
-
--#: src/tools/sssctl/sssctl_user_checks.c:263
--#, c-format
--msgid "pam_start failed: %s\n"
--msgstr "pam_start a échoué : %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:398
-+msgid "Require TLS for ID lookups"
-+msgstr "TLS est requis pour les recherches d'identifiants"
-
--#: src/tools/sssctl/sssctl_user_checks.c:268
--msgid ""
--"testing pam_authenticate\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:399
-+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
--"test de pam_authenticate\n"
--"\n"
-+"Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
-+"établis"
-
--#: src/tools/sssctl/sssctl_user_checks.c:272
--#, c-format
--msgid "pam_get_item failed: %s\n"
--msgstr "pam_get_item a échoué : %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:400
-+msgid "Base DN for user lookups"
-+msgstr "Base DN pour les recherches d'utilisateurs"
-
--#: src/tools/sssctl/sssctl_user_checks.c:275
--#, c-format
--msgid ""
--"pam_authenticate for user [%s]: %s\n"
--"\n"
--msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:401
-+msgid "Scope of user lookups"
-+msgstr "Scope des recherches d'utilisateurs"
-
--#: src/tools/sssctl/sssctl_user_checks.c:278
--msgid ""
--"testing pam_chauthtok\n"
--"\n"
--msgstr ""
--"test pam_chauthtok\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:402
-+msgid "Filter for user lookups"
-+msgstr "Filtre pour les recherches d'utilisateurs"
-
--#: src/tools/sssctl/sssctl_user_checks.c:280
--#, c-format
--msgid ""
--"pam_chauthtok: %s\n"
--"\n"
--msgstr ""
--"pam_chauthtok: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:403
-+msgid "Objectclass for users"
-+msgstr "Classe d'objet pour les utilisateurs"
-
--#: src/tools/sssctl/sssctl_user_checks.c:282
--msgid ""
--"testing pam_acct_mgmt\n"
--"\n"
--msgstr ""
--"test de pam_acct_mgmt\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:404
-+msgid "Username attribute"
-+msgstr "Attribut de nom d'utilisateur"
-
--#: src/tools/sssctl/sssctl_user_checks.c:284
--#, c-format
--msgid ""
--"pam_acct_mgmt: %s\n"
--"\n"
--msgstr ""
--"pam_acct_mgmt: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:405
-+msgid "UID attribute"
-+msgstr "Attribut UID"
-
--#: src/tools/sssctl/sssctl_user_checks.c:286
--msgid ""
--"testing pam_setcred\n"
--"\n"
--msgstr ""
--"test de pam_setcred\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:406
-+msgid "Primary GID attribute"
-+msgstr "Attribut de GID primaire"
-
--#: src/tools/sssctl/sssctl_user_checks.c:288
--#, c-format
--msgid ""
--"pam_setcred: [%s]\n"
--"\n"
--msgstr ""
--"pam_setcred: [%s]\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:407
-+msgid "GECOS attribute"
-+msgstr "Attribut GECOS"
-
--#: src/tools/sssctl/sssctl_user_checks.c:290
--msgid ""
--"testing pam_open_session\n"
--"\n"
--msgstr ""
--"test pam_open_session\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:408
-+msgid "Home directory attribute"
-+msgstr "Attribut de répertoire utilisateur"
-
--#: src/tools/sssctl/sssctl_user_checks.c:292
--#, c-format
--msgid ""
--"pam_open_session: %s\n"
--"\n"
--msgstr ""
--"pam_open_session: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:409
-+msgid "Shell attribute"
-+msgstr "Attribut d'interpréteur de commandes"
-
--#: src/tools/sssctl/sssctl_user_checks.c:294
--msgid ""
--"testing pam_close_session\n"
--"\n"
--msgstr ""
--"test pam_close_session\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:410
-+msgid "UUID attribute"
-+msgstr "attribut UUID"
-
--#: src/tools/sssctl/sssctl_user_checks.c:296
--#, c-format
--msgid ""
--"pam_close_session: %s\n"
--"\n"
--msgstr ""
--"pam_close_session: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:411
-+#: src/config/SSSDConfig/sssdoptions.py:449
-+msgid "objectSID attribute"
-+msgstr "attribut objectSID"
-
--#: src/tools/sssctl/sssctl_user_checks.c:298
--msgid "unknown action\n"
--msgstr "action inconnue\n"
-+#: src/config/SSSDConfig/sssdoptions.py:412
-+msgid "Active Directory primary group attribute for ID-mapping"
-+msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
-
--#: src/tools/sssctl/sssctl_user_checks.c:301
--msgid "PAM Environment:\n"
--msgstr "Environnement PAM :\n"
-+#: src/config/SSSDConfig/sssdoptions.py:413
-+msgid "User principal attribute (for Kerberos)"
-+msgstr "Attribut d'utilisateur principal (pour Kerberos)"
-
--#: src/tools/sssctl/sssctl_user_checks.c:309
--msgid " - no env -\n"
--msgstr " - no env -\n"
-+#: src/config/SSSDConfig/sssdoptions.py:414
-+msgid "Full Name"
-+msgstr "Nom complet"
-
--#: src/util/util.h:82
--msgid "The user ID to run the server as"
--msgstr "L'identifiant utilisateur sous lequel faire tourner le serveur"
-+#: src/config/SSSDConfig/sssdoptions.py:415
-+msgid "memberOf attribute"
-+msgstr "Attribut memberOf"
-
--#: src/util/util.h:84
--msgid "The group ID to run the server as"
--msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
-+#: src/config/SSSDConfig/sssdoptions.py:416
-+msgid "Modification time attribute"
-+msgstr "Attribut de date de modification"
-
--#: src/util/util.h:92
--msgid "Informs that the responder has been socket-activated"
--msgstr "Informe que le répondeur a été activé par un socket"
-+#: src/config/SSSDConfig/sssdoptions.py:417
-+msgid "shadowLastChange attribute"
-+msgstr "Attribut shadowLastChange"
-
--#: src/util/util.h:94
--msgid "Informs that the responder has been dbus-activated"
--msgstr "Informe que le répondeur a été activé par un dbus"
-+#: src/config/SSSDConfig/sssdoptions.py:418
-+msgid "shadowMin attribute"
-+msgstr "Attribut shadowMin"
-
--#~ msgid "Set the verbosity of the debug logging"
--#~ msgstr "Définir le niveau de détails de la sortie de débogage"
-+#: src/config/SSSDConfig/sssdoptions.py:419
-+msgid "shadowMax attribute"
-+msgstr "Attribut shadowMax"
-
--#~ msgid "Include timestamps in debug logs"
--#~ msgstr "Ajouter l'horodatage dans les fichiers de débogage"
-+#: src/config/SSSDConfig/sssdoptions.py:420
-+msgid "shadowWarning attribute"
-+msgstr "Attribut shadowWarning"
-
--#~ msgid "Include microseconds in timestamps in debug logs"
--#~ msgstr ""
--#~ "Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
-+#: src/config/SSSDConfig/sssdoptions.py:421
-+msgid "shadowInactive attribute"
-+msgstr "Attribut shadowInactive"
-
--#~ msgid "Write debug messages to logfiles"
--#~ msgstr "Écrire les messages de débogage dans les journaux"
-+#: src/config/SSSDConfig/sssdoptions.py:422
-+msgid "shadowExpire attribute"
-+msgstr "Attribut shadowExpire"
-
--#~ msgid "Watchdog timeout before restarting service"
--#~ msgstr "Délai de surveillance avant le redémarrage du service"
-+#: src/config/SSSDConfig/sssdoptions.py:423
-+msgid "shadowFlag attribute"
-+msgstr "Attribut shadowFlag"
-
--#~ msgid "Command to start service"
--#~ msgstr "Commande pour démarrer le service"
-+#: src/config/SSSDConfig/sssdoptions.py:424
-+msgid "Attribute listing authorized PAM services"
-+msgstr "Attribut listant les services PAM autorisés"
-
--#~ msgid "Number of times to attempt connection to Data Providers"
--#~ msgstr ""
--#~ "Nombre d'essais pour tenter de se connecter au fournisseur de données"
-+#: src/config/SSSDConfig/sssdoptions.py:425
-+msgid "Attribute listing authorized server hosts"
-+msgstr "Attribut listant les hôtes de serveurs autorisés"
-
--#~ msgid "The number of file descriptors that may be opened by this responder"
--#~ msgstr ""
--#~ "Le nombre de descripteurs de fichiers qui peuvent être ouverts par ce "
--#~ "répondeur"
-+#: src/config/SSSDConfig/sssdoptions.py:426
-+msgid "Attribute listing authorized server rhosts"
-+msgstr "Attribut listant les rhosts de serveurs autorisés"
-
--#~ msgid "Idle time before automatic disconnection of a client"
--#~ msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
-+#: src/config/SSSDConfig/sssdoptions.py:427
-+msgid "krbLastPwdChange attribute"
-+msgstr "Attribut krbLastPwdChange"
-
--#~ msgid "Idle time before automatic shutdown of the responder"
--#~ msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur"
-+#: src/config/SSSDConfig/sssdoptions.py:428
-+msgid "krbPasswordExpiration attribute"
-+msgstr "Attribut krbPasswordExpiration"
-
--#~ msgid "Always query all the caches before querying the Data Providers"
--#~ msgstr ""
--#~ "Interrogez toujours tous les caches avant d'interroger les fournisseurs "
--#~ "de données"
-+#: src/config/SSSDConfig/sssdoptions.py:429
-+msgid "Attribute indicating that server side password policies are active"
-+msgstr ""
-+"Attribut indiquant que la stratégie de mot de passe du serveur est active"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:430
-+msgid "accountExpires attribute of AD"
-+msgstr "Attribut AD accountExpires"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:431
-+msgid "userAccountControl attribute of AD"
-+msgstr "Attribut AD userAccountControl"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:432
-+msgid "nsAccountLock attribute"
-+msgstr "Attribut nsAccountLock"
-
--#~ msgid "SSSD Services to start"
--#~ msgstr "Services SSSD à démarrer"
-+#: src/config/SSSDConfig/sssdoptions.py:433
-+msgid "loginDisabled attribute of NDS"
-+msgstr "Attribut NDS loginDisabled"
-
--#~ msgid "SSSD Domains to start"
--#~ msgstr "Domaines SSSD à démarrer"
-+#: src/config/SSSDConfig/sssdoptions.py:434
-+msgid "loginExpirationTime attribute of NDS"
-+msgstr "Attribut NDS loginExpirationTime"
-
--#~ msgid "Timeout for messages sent over the SBUS"
--#~ msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
-+#: src/config/SSSDConfig/sssdoptions.py:435
-+msgid "loginAllowedTimeMap attribute of NDS"
-+msgstr "Attribut NDS loginAllowedTimeMap"
-
--#~ msgid "Regex to parse username and domain"
--#~ msgstr ""
--#~ "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
-+#: src/config/SSSDConfig/sssdoptions.py:436
-+msgid "SSH public key attribute"
-+msgstr "Attribut de clé public SSH"
-
--#~ msgid "Printf-compatible format for displaying fully-qualified names"
--#~ msgstr ""
--#~ "Format compatible printf d'affichage des noms complétement qualifiés"
-+#: src/config/SSSDConfig/sssdoptions.py:437
-+msgid "attribute listing allowed authentication types for a user"
-+msgstr ""
-+"attribut énumérant les types d'authentification autorisés pour un "
-+"utilisateur"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:438
-+msgid "attribute containing the X509 certificate of the user"
-+msgstr "attribut contenant le certificat X509 de l'utilisateur"
-
--#~ msgid ""
--#~ "Directory on the filesystem where SSSD should store Kerberos replay cache "
--#~ "files."
--#~ msgstr ""
--#~ "Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
--#~ "relecture de Kerberos."
-+#: src/config/SSSDConfig/sssdoptions.py:439
-+msgid "attribute containing the email address of the user"
-+msgstr "attribut contenant l’adresse email de l'utilisateur"
-
--#~ msgid "Domain to add to names without a domain component."
--#~ msgstr "Domaine à ajouter aux noms sans composant de nom de domaine."
-+#: src/config/SSSDConfig/sssdoptions.py:440
-+msgid "A list of extra attributes to download along with the user entry"
-+msgstr ""
-+"Une liste des attributs supplémentaires à télécharger avec l'entrée de "
-+"l'utilisateur"
-
--#~ msgid "The user to drop privileges to"
--#~ msgstr "L'utilisation vers lequel abandonner les privilèges"
-+#: src/config/SSSDConfig/sssdoptions.py:442
-+msgid "Base DN for group lookups"
-+msgstr "DN de base pour les recherches de groupes"
-
--#~ msgid "Tune certificate verification"
--#~ msgstr "Régler la vérification du certificat"
-+#: src/config/SSSDConfig/sssdoptions.py:443
-+msgid "Objectclass for groups"
-+msgstr "Classe d'objet pour les groupes"
-
--#~ msgid ""
--#~ "All spaces in group or user names will be replaced with this character"
--#~ msgstr ""
--#~ "Tous les espaces dans les noms de groupes ou d'utilisateurs seront "
--#~ "remplacés par ce caractère"
-+#: src/config/SSSDConfig/sssdoptions.py:444
-+msgid "Group name"
-+msgstr "Nom du groupe"
-
--#~ msgid "Tune sssd to honor or ignore netlink state changes"
--#~ msgstr ""
--#~ "Régler sssd pour honorer ou ignorer les changements d'état du netlink"
-+#: src/config/SSSDConfig/sssdoptions.py:445
-+msgid "Group password"
-+msgstr "Mot de passe du groupe"
-
--#~ msgid "Enable or disable the implicit files domain"
--#~ msgstr "Activer ou désactiver le domaine des fichiers implicites"
-+#: src/config/SSSDConfig/sssdoptions.py:446
-+msgid "GID attribute"
-+msgstr "Attribut GID"
-
--#~ msgid "A specific order of the domains to be looked up"
--#~ msgstr "Un ordre spécifique des domaines à rechercher"
-+#: src/config/SSSDConfig/sssdoptions.py:447
-+msgid "Group member attribute"
-+msgstr "Attribut membre du groupe"
-
--#~ msgid "Enumeration cache timeout length (seconds)"
--#~ msgstr "Délai d'attente du cache d'énumération (en secondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:448
-+msgid "Group UUID attribute"
-+msgstr "attribut de l'UUID du groupe"
-
--#~ msgid "Entry cache background update timeout length (seconds)"
--#~ msgstr ""
--#~ "Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
--#~ "secondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:450
-+msgid "Modification time attribute for groups"
-+msgstr "Attribut de date de modification pour les groupes"
-
--#~ msgid "Negative cache timeout length (seconds)"
--#~ msgstr "Délai d'attente du cache négatif (en secondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:451
-+msgid "Type of the group and other flags"
-+msgstr "Type de groupe et autres indicateurs"
-
--#~ msgid "Files negative cache timeout length (seconds)"
--#~ msgstr "Délai d'attente du cache négatif (en secondes)"
--
--#~ msgid "Users that SSSD should explicitly ignore"
--#~ msgstr "Utilisateurs que SSSD doit explicitement ignorer"
--
--#~ msgid "Groups that SSSD should explicitly ignore"
--#~ msgstr "Groupes que SSSD doit explicitement ignorer"
--
--#~ msgid "Should filtered users appear in groups"
--#~ msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
--
--#~ msgid "The value of the password field the NSS provider should return"
--#~ msgstr ""
--#~ "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
--
--#~ msgid "Override homedir value from the identity provider with this value"
--#~ msgstr ""
--#~ "Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
--#~ "fournisseur d'identité"
--
--#~ msgid ""
--#~ "Substitute empty homedir value from the identity provider with this value"
--#~ msgstr ""
--#~ "Substitution de la valeur homedir vide du fournisseur d'identité avec "
--#~ "cette valeur"
-+#: src/config/SSSDConfig/sssdoptions.py:452
-+msgid "The LDAP group external member attribute"
-+msgstr "L'attribut de membre externe du groupe LDAP"
-
--#~ msgid "Override shell value from the identity provider with this value"
--#~ msgstr ""
--#~ "Écraser le shell donné par le fournisseur d'identité avec cette valeur"
-+#: src/config/SSSDConfig/sssdoptions.py:453
-+msgid "Maximum nesting level SSSD will follow"
-+msgstr "Le niveau d'imbrication maximal du SSSD suivra"
-
--#~ msgid "The list of shells users are allowed to log in with"
--#~ msgstr ""
--#~ "Liste des interpréteurs de commandes utilisateurs autorisés pour se "
--#~ "connecter"
--
--#~ msgid ""
--#~ "The list of shells that will be vetoed, and replaced with the fallback "
--#~ "shell"
--#~ msgstr ""
--#~ "Liste des interpréteurs de commandes bannis et remplacés par celui par "
--#~ "défaut"
--
--#~ msgid ""
--#~ "If a shell stored in central directory is allowed but not available, use "
--#~ "this fallback"
--#~ msgstr ""
--#~ "Si un interpréteur de commandes stocké dans l'annuaire central est "
--#~ "autorisé mais indisponible, utiliser à défaut celui-ci"
--
--#~ msgid "Shell to use if the provider does not list one"
--#~ msgstr "Shell à utiliser si le fournisseur n'en propose aucun"
--
--#~ msgid "How long will be in-memory cache records valid"
--#~ msgstr "Durée de maintien en cache des enregistrements valides"
--
--#~ msgid "List of user attributes the NSS responder is allowed to publish"
--#~ msgstr ""
--#~ "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
--
--#~ msgid "How long to allow cached logins between online logins (days)"
--#~ msgstr ""
--#~ "Délai pendant lequel les connexions utilisant le cache sont autorisées "
--#~ "entre deux connexions en ligne (en jours)"
--
--#~ msgid "How many failed logins attempts are allowed when offline"
--#~ msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
--
--#~ msgid ""
--#~ "How long (minutes) to deny login after offline_failed_login_attempts has "
--#~ "been reached"
--#~ msgstr ""
--#~ "Durée d'interdiction de connexion après que offline_failed_login_attempts "
--#~ "est atteint (en minutes)"
--
--#~ msgid ""
--#~ "What kind of messages are displayed to the user during authentication"
--#~ msgstr ""
--#~ "Quels types de messages sont affichés à l'utilisateur pendant "
--#~ "l'authentification"
--
--#~ msgid "Filter PAM responses sent to the pam_sss"
--#~ msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss"
--
--#~ msgid ""
--#~ "How many seconds to keep identity information cached for PAM requests"
--#~ msgstr ""
--#~ "Durée en secondes pendant laquelle les informations d'identité sont "
--#~ "gardées en cache pour les requêtes PAM"
--
--#~ msgid ""
--#~ "How many days before password expiration a warning should be displayed"
--#~ msgstr ""
--#~ "Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
--#~ "avertissement doit être affiché"
--
--#~ msgid "List of trusted uids or user's name"
--#~ msgstr "Liste des uid ou noms d'utilisateurs dignes de confiance"
--
--#~ msgid "List of domains accessible even for untrusted users."
--#~ msgstr ""
--#~ "Liste des domaines accessibles y compris par les utilisateurs non dignes "
--#~ "de confiance"
--
--#~ msgid "Message printed when user account is expired."
--#~ msgstr "Message affiché lorsque le compte a expiré"
--
--#~ msgid "Message printed when user account is locked."
--#~ msgstr "Message affiché lorsque le compte a expiré"
--
--#~ msgid "Allow certificate based/Smartcard authentication."
--#~ msgstr "Autoriser l'authentification par certificat/carte à puce."
--
--#~ msgid "Path to certificate database with PKCS#11 modules."
--#~ msgstr ""
--#~ "Chemin d'accès à la base de données des certificats des modules PKCS#11."
--
--#~ msgid "How many seconds will pam_sss wait for p11_child to finish"
--#~ msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child"
--
--#~ msgid "Which PAM services are permitted to contact application domains"
--#~ msgstr ""
--#~ "Quels services PAM sont autorisés à contacter les domaines d'application"
--
--#~ msgid "Allowed services for using smartcards"
--#~ msgstr "Services autorisés pour l'utilisation de cartes à puce"
--
--#~ msgid "Additional timeout to wait for a card if requested"
--#~ msgstr ""
--#~ "Délai d'attente supplémentaire pour l'obtention d'une carte si demandé"
--
--#~ msgid ""
--#~ "PKCS#11 URI to restrict the selection of devices for Smartcard "
--#~ "authentication"
--#~ msgstr ""
--#~ "URI PKCS#11 pour limiter la sélection des périphériques pour "
--#~ "l'authentification par carte à puce"
--
--#~ msgid "Whether to evaluate the time-based attributes in sudo rules"
--#~ msgstr ""
--#~ "Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
--
--#~ msgid "If true, SSSD will switch back to lower-wins ordering logic"
--#~ msgstr "Si sur true, SSSD repasse en logique de commande à faible gain"
--
--#~ msgid ""
--#~ "Maximum number of rules that can be refreshed at once. If this is "
--#~ "exceeded, full refresh is performed."
--#~ msgstr ""
--#~ "Nombre maximum de règles pouvant être rafraîchies en même temps. En cas "
--#~ "de dépassement, un rafraîchissement complet est effectué."
--
--#~ msgid "Whether to hash host names and addresses in the known_hosts file"
--#~ msgstr ""
--#~ "Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
--
--#~ msgid ""
--#~ "How many seconds to keep a host in the known_hosts file after its host "
--#~ "keys were requested"
--#~ msgstr ""
--#~ "Le nombre de secondes pour garder un hôte dans le fichier known_hosts "
--#~ "après que ses clés d'hôte ont été demandées"
--
--#~ msgid "Path to storage of trusted CA certificates"
--#~ msgstr "Chemin d'accès au stockage des certificats d'AC de confiance"
--
--#~ msgid "Allow to generate ssh-keys from certificates"
--#~ msgstr "Permet de générer des ssh-keys à partir de certificats"
--
--#~ msgid ""
--#~ "Use the following matching rules to filter the certificates for ssh-key "
--#~ "generation"
--#~ msgstr ""
--#~ "Utilisez les règles de correspondance suivantes pour filtrer les "
--#~ "certificats pour la génération de clés ssh"
--
--#~ msgid "List of UIDs or user names allowed to access the PAC responder"
--#~ msgstr ""
--#~ "Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur PAC"
--
--#~ msgid "How long the PAC data is considered valid"
--#~ msgstr "Durée de validité des données du PAC"
--
--#~ msgid "List of UIDs or user names allowed to access the InfoPipe responder"
--#~ msgstr ""
--#~ "Listes des UID ou nom d'utilisateurs autorisés à accéder le répondeur "
--#~ "InfoPipe"
--
--#~ msgid "List of user attributes the InfoPipe is allowed to publish"
--#~ msgstr ""
--#~ "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
--
--#~ msgid "The provider where the secrets will be stored in"
--#~ msgstr "Le fournisseur où les secrets seront stockés"
-+#: src/config/SSSDConfig/sssdoptions.py:454
-+msgid "Filter for group lookups"
-+msgstr ""
-
--#~ msgid "The maximum allowed number of nested containers"
--#~ msgstr "Le nombre maximal de conteneurs imbriqués autorisés"
-+#: src/config/SSSDConfig/sssdoptions.py:455
-+msgid "Scope of group lookups"
-+msgstr ""
-
--#~ msgid "The maximum number of secrets that can be stored"
--#~ msgstr "Le nombre maximum de secrets qui peuvent être stockés"
-+#: src/config/SSSDConfig/sssdoptions.py:457
-+msgid "Base DN for netgroup lookups"
-+msgstr "DN de base pour les recherches de netgroup"
-
--#~ msgid "The maximum number of secrets that can be stored per UID"
--#~ msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID"
-+#: src/config/SSSDConfig/sssdoptions.py:458
-+msgid "Objectclass for netgroups"
-+msgstr "Classe d'objet pour les groupes réseau"
-
--#~ msgid "The maximum payload size of a secret in kilobytes"
--#~ msgstr "La taille maximale de la charge utile d'un secret en kilo-octets"
-+#: src/config/SSSDConfig/sssdoptions.py:459
-+msgid "Netgroup name"
-+msgstr "Nom du groupe réseau"
-
--#~ msgid "The URL Custodia server is listening on"
--#~ msgstr "L'URL du serveur Custodia est en écoute sur"
-+#: src/config/SSSDConfig/sssdoptions.py:460
-+msgid "Netgroups members attribute"
-+msgstr "Attribut des membres des groupes réseau"
-
--#~ msgid "The method to use when authenticating to a Custodia server"
--#~ msgstr ""
--#~ "La méthode à utiliser lors de l'authentification via un serveur Custodia"
-+#: src/config/SSSDConfig/sssdoptions.py:461
-+msgid "Netgroup triple attribute"
-+msgstr "Attribut triplet du groupe réseau"
-
--#~ msgid ""
--#~ "The name of the headers that will be added into a HTTP request with the "
--#~ "value defined in auth_header_value"
--#~ msgstr ""
--#~ "Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la "
--#~ "valeur définie dans auth_header_value"
-+#: src/config/SSSDConfig/sssdoptions.py:462
-+msgid "Modification time attribute for netgroups"
-+msgstr "Attribut date de modification pour les groupes réseau"
-
--#~ msgid "The value sssd-secrets would use for auth_header_name"
--#~ msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name"
-+#: src/config/SSSDConfig/sssdoptions.py:464
-+msgid "Base DN for service lookups"
-+msgstr "Nom de domaine (DN) de base pour les recherches de service"
-
--#~ msgid ""
--#~ "The list of the headers to forward to the Custodia server together with "
--#~ "the request"
--#~ msgstr ""
--#~ "La liste des en-têtes à transmettre au serveur Custodia avec la requête"
-+#: src/config/SSSDConfig/sssdoptions.py:465
-+msgid "Objectclass for services"
-+msgstr "Classe objet pour les services"
-
--#~ msgid ""
--#~ "The username to use when authenticating to a Custodia server using "
--#~ "basic_auth"
--#~ msgstr ""
--#~ "La méthode à utiliser lors de l'authentification via un serveur Custodia "
--#~ "utilisant basic_auth"
-+#: src/config/SSSDConfig/sssdoptions.py:466
-+msgid "Service name attribute"
-+msgstr "Attribut de nom de service"
-
--#~ msgid ""
--#~ "The password to use when authenticating to a Custodia server using "
--#~ "basic_auth"
--#~ msgstr ""
--#~ "La méthode à utiliser lors de l'authentification via un serveur Custodia "
--#~ "utilisant basic_auth"
--
--#~ msgid ""
--#~ "If true peer's certificate is verified if proxy_url uses https protocol"
--#~ msgstr ""
--#~ "Le certificat pair true est vérifié si proxy_url utilise le protocole "
--#~ "https"
--
--#~ msgid ""
--#~ "If false peer's certificate may contain different hostname than proxy_url "
--#~ "when https protocol is used"
--#~ msgstr ""
--#~ "Le certificat pair false peut contenir un nom d'hôte différent de "
--#~ "proxy_url lorsque le protocole https est utilisé"
--
--#~ msgid ""
--#~ "Path to directory where certificate authority certificates are stored"
--#~ msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA"
-+#: src/config/SSSDConfig/sssdoptions.py:467
-+msgid "Service port attribute"
-+msgstr "Attribut de port du service"
-
--#~ msgid "Path to file containing server's CA certificate"
--#~ msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur"
-+#: src/config/SSSDConfig/sssdoptions.py:468
-+msgid "Service protocol attribute"
-+msgstr "Attribut de service du protocole"
-
--#~ msgid "Path to file containing client's certificate"
--#~ msgstr "Chemin d'accès au fichier contenant le certificat du client"
-+#: src/config/SSSDConfig/sssdoptions.py:470
-+msgid "Lower bound for ID-mapping"
-+msgstr "Limite inférieure pour la correspondance d'ID"
-
--#~ msgid "Path to file containing client's private key"
--#~ msgstr "Chemin d'accès au fichier contenant la clé privée du client"
-+#: src/config/SSSDConfig/sssdoptions.py:471
-+msgid "Upper bound for ID-mapping"
-+msgstr "Limite supérieure pour la correspondance d'ID"
-
--#~ msgid "Identity provider"
--#~ msgstr "Fournisseur d'identité"
-+#: src/config/SSSDConfig/sssdoptions.py:472
-+msgid "Number of IDs for each slice when ID-mapping"
-+msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
-
--#~ msgid "Authentication provider"
--#~ msgstr "Fournisseur d'authentification"
-+#: src/config/SSSDConfig/sssdoptions.py:473
-+msgid "Use autorid-compatible algorithm for ID-mapping"
-+msgstr ""
-+"Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
-
--#~ msgid "Access control provider"
--#~ msgstr "Fournisseur de contrôle d'accès"
-+#: src/config/SSSDConfig/sssdoptions.py:474
-+msgid "Name of the default domain for ID-mapping"
-+msgstr "Nom du domaine par défaut pour la correspondance d'ID"
-
--#~ msgid "Password change provider"
--#~ msgstr "Fournisseur de changement de mot de passe"
-+#: src/config/SSSDConfig/sssdoptions.py:475
-+msgid "SID of the default domain for ID-mapping"
-+msgstr "SID du domaine par défaut pour la correspondance d'ID"
-
--#~ msgid "SUDO provider"
--#~ msgstr "Fournisseur SUDO"
-+#: src/config/SSSDConfig/sssdoptions.py:476
-+msgid "Number of secondary slices"
-+msgstr "Nombre de tranches secondaires"
-
--#~ msgid "Autofs provider"
--#~ msgstr "Fournisseur autofs"
-+#: src/config/SSSDConfig/sssdoptions.py:478
-+msgid "Whether to use Token-Groups"
-+msgstr "Choisir d'utiliser ou non les groupes de jetons"
-
--#~ msgid "Host identity provider"
--#~ msgstr "Fournisseur d'identité de l'hôte"
-+#: src/config/SSSDConfig/sssdoptions.py:479
-+msgid "Set lower boundary for allowed IDs from the LDAP server"
-+msgstr ""
-+"Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
-
--#~ msgid "SELinux provider"
--#~ msgstr "Fournisseur SELinux"
-+#: src/config/SSSDConfig/sssdoptions.py:480
-+msgid "Set upper boundary for allowed IDs from the LDAP server"
-+msgstr ""
-+"Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
-
--#~ msgid "Session management provider"
--#~ msgstr "Fournisseur de gestion de session"
-+#: src/config/SSSDConfig/sssdoptions.py:481
-+msgid "DN for ppolicy queries"
-+msgstr "DN pour les requêtes sur ppolicy"
-
--#~ msgid "Whether the domain is usable by the OS or by applications"
--#~ msgstr "Si le domaine est utilisable par l'OS ou par des applications"
-+#: src/config/SSSDConfig/sssdoptions.py:482
-+msgid "How many maximum entries to fetch during a wildcard request"
-+msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard"
-
--#~ msgid "Minimum user ID"
--#~ msgstr "Identifiant utilisateur minimum"
-+#: src/config/SSSDConfig/sssdoptions.py:485
-+msgid "Policy to evaluate the password expiration"
-+msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
-
--#~ msgid "Maximum user ID"
--#~ msgstr "Identifiant utilisateur maximum"
-+#: src/config/SSSDConfig/sssdoptions.py:489
-+msgid "Which attributes shall be used to evaluate if an account is expired"
-+msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
-
--#~ msgid "Enable enumerating all users/groups"
--#~ msgstr "Activer l'énumération de tous les utilisateurs/groupes"
-+#: src/config/SSSDConfig/sssdoptions.py:490
-+msgid "Which rules should be used to evaluate access control"
-+msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
-
--#~ msgid "Cache credentials for offline login"
--#~ msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
-+#: src/config/SSSDConfig/sssdoptions.py:493
-+msgid "URI of an LDAP server where password changes are allowed"
-+msgstr ""
-+"URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
-
--#~ msgid "Display users/groups in fully-qualified form"
--#~ msgstr ""
--#~ "Afficher les utilisateurs/groupes dans un format complétement qualifié"
-+#: src/config/SSSDConfig/sssdoptions.py:494
-+msgid "URI of a backup LDAP server where password changes are allowed"
-+msgstr ""
-+"URI d'un serveur LDAP de secours où sont autorisées les modifications de mot "
-+"de passe"
-
--#~ msgid "Don't include group members in group lookups"
--#~ msgstr ""
--#~ "Ne pas inclure les membres des groupes dans les recherches de groupes."
-+#: src/config/SSSDConfig/sssdoptions.py:495
-+msgid "DNS service name for LDAP password change server"
-+msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
-
--#~ msgid "Entry cache timeout length (seconds)"
--#~ msgstr "Durée de validité des entrées en cache (en secondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:496
-+msgid ""
-+"Whether to update the ldap_user_shadow_last_change attribute after a "
-+"password change"
-+msgstr ""
-+"Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
-+"changement de mot de passe"
-
--#~ msgid ""
--#~ "Restrict or prefer a specific address family when performing DNS lookups"
--#~ msgstr ""
--#~ "Restreindre ou préférer une famille d'adresses lors des recherches DNS"
-+#: src/config/SSSDConfig/sssdoptions.py:500
-+msgid "Base DN for sudo rules lookups"
-+msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
-
--#~ msgid "How long to keep cached entries after last successful login (days)"
--#~ msgstr ""
--#~ "Durée de validité des entrées en cache après la dernière connexion "
--#~ "réussie (en jours)"
-+#: src/config/SSSDConfig/sssdoptions.py:501
-+msgid "Automatic full refresh period"
-+msgstr "Périodicité de rafraichissement total"
-
--#~ msgid ""
--#~ "How long should SSSD talk to single DNS server before trying next server "
--#~ "(miliseconds)"
--#~ msgstr ""
--#~ "Combien de temps le SSSD doit-il parler à un seul serveur DNS avant "
--#~ "d'essayer le serveur suivant (en millisecondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:502
-+msgid "Automatic smart refresh period"
-+msgstr "Périodicité de rafraichissement intelligent"
-
--#~ msgid "How long should keep trying to resolve single DNS query (seconds)"
--#~ msgstr ""
--#~ "Combien de temps faut-il continuer à essayer de résoudre une seule "
--#~ "requête DNS (en secondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:503
-+msgid "Whether to filter rules by hostname, IP addresses and network"
-+msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
-
--#~ msgid ""
--#~ "How long to wait for replies from DNS when resolving servers (seconds)"
--#~ msgstr ""
--#~ "Délai d'attente des réponses du DNS lors de la résolution des serveurs "
--#~ "(en secondes)"
-+#: src/config/SSSDConfig/sssdoptions.py:504
-+msgid ""
-+"Hostnames and/or fully qualified domain names of this machine to filter sudo "
-+"rules"
-+msgstr ""
-+"Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
-+"filtrer les règles sudo"
-
--#~ msgid "The domain part of service discovery DNS query"
--#~ msgstr "La partie domaine de la requête de découverte de service DNS"
-+#: src/config/SSSDConfig/sssdoptions.py:505
-+msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
-+msgstr ""
-+"Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
-+"sudo"
-
--#~ msgid "Override GID value from the identity provider with this value"
--#~ msgstr ""
--#~ "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
-+#: src/config/SSSDConfig/sssdoptions.py:506
-+msgid "Whether to include rules that contains netgroup in host attribute"
-+msgstr ""
-+"Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
-
--#~ msgid "Treat usernames as case sensitive"
--#~ msgstr "Considère les noms d'utilisateur comme casse dépendant"
-+#: src/config/SSSDConfig/sssdoptions.py:507
-+msgid ""
-+"Whether to include rules that contains regular expression in host attribute"
-+msgstr ""
-+"Inclure ou non les règles qui contiennent une expression rationnelle dans "
-+"l'attribut host"
-
--#~ msgid "How often should expired entries be refreshed in background"
--#~ msgstr "Fréquence de rafraîchissement en arrière plan des entrées expirées"
-+#: src/config/SSSDConfig/sssdoptions.py:508
-+msgid "Object class for sudo rules"
-+msgstr "Classe objet pour les règles sudo"
-
--#~ msgid "Whether to automatically update the client's DNS entry"
--#~ msgstr "Choisir de mettre à jour automatiquement l'entrée DNS du client"
-+#: src/config/SSSDConfig/sssdoptions.py:509
-+msgid "Name of attribute that is used as object class for sudo rules"
-+msgstr ""
-+"Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo"
-
--#~ msgid "The TTL to apply to the client's DNS entry after updating it"
--#~ msgstr "Le TTL à appliquer à l'entrée DNS du client après modification"
-+#: src/config/SSSDConfig/sssdoptions.py:510
-+msgid "Sudo rule name"
-+msgstr "Règle de nom sudo"
-
--#~ msgid "The interface whose IP should be used for dynamic DNS updates"
--#~ msgstr ""
--#~ "L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
--#~ "dynamiques du DNS"
-+#: src/config/SSSDConfig/sssdoptions.py:511
-+msgid "Sudo rule command attribute"
-+msgstr "Attribut de commande de règle sudo"
-
--#~ msgid "How often to periodically update the client's DNS entry"
--#~ msgstr "Fréquence de mise à jour automatique de l'entrée DNS du client"
-+#: src/config/SSSDConfig/sssdoptions.py:512
-+msgid "Sudo rule host attribute"
-+msgstr "Attribut hôte de la règle sudo"
-
--#~ msgid "Whether the provider should explicitly update the PTR record as well"
--#~ msgstr ""
--#~ "Selon que le fournisseur doit aussi ou non mettre à jour explicitement "
--#~ "l'enregistrement PTR"
-+#: src/config/SSSDConfig/sssdoptions.py:513
-+msgid "Sudo rule user attribute"
-+msgstr "Attribut utilisateur de la règle sudo"
-
--#~ msgid "Whether the nsupdate utility should default to using TCP"
--#~ msgstr "Selon que l'utilitaire nsupdate doit utiliser TCP par défaut"
-+#: src/config/SSSDConfig/sssdoptions.py:514
-+msgid "Sudo rule option attribute"
-+msgstr "Attribut option de la règle sudo"
-
--#~ msgid "What kind of authentication should be used to perform the DNS update"
--#~ msgstr ""
--#~ "Quel type d'authentification doit être utilisée pour effectuer la mise à "
--#~ "jour DNS"
-+#: src/config/SSSDConfig/sssdoptions.py:515
-+msgid "Sudo rule runas attribute"
-+msgstr "Attribut de règle sudo runas"
-
--#~ msgid "Override the DNS server used to perform the DNS update"
--#~ msgstr ""
--#~ "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS"
-+#: src/config/SSSDConfig/sssdoptions.py:516
-+msgid "Sudo rule runasuser attribute"
-+msgstr "Attribut runasuser de la règle sudo"
-
--#~ msgid "Control enumeration of trusted domains"
--#~ msgstr "Contrôle l'énumération des domaines approuvés"
-+#: src/config/SSSDConfig/sssdoptions.py:517
-+msgid "Sudo rule runasgroup attribute"
-+msgstr "Attribut runasgroup de la règle sudo"
-
--#~ msgid "How often should subdomains list be refreshed"
--#~ msgstr "Fréquence de rafraîchissement des sous-domaines"
-+#: src/config/SSSDConfig/sssdoptions.py:518
-+msgid "Sudo rule notbefore attribute"
-+msgstr "Attribut notbefore de la règle sudo"
-
--#~ msgid "List of options that should be inherited into a subdomain"
--#~ msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
-+#: src/config/SSSDConfig/sssdoptions.py:519
-+msgid "Sudo rule notafter attribute"
-+msgstr "Attribut notafter de règle sudo"
-
--#~ msgid "Default subdomain homedir value"
--#~ msgstr "Valeur par défaut du sous-domaine homedir"
-+#: src/config/SSSDConfig/sssdoptions.py:520
-+msgid "Sudo rule order attribute"
-+msgstr "Attribut d'ordre de règle sudo"
-
--#~ msgid "How long can cached credentials be used for cached authentication"
--#~ msgstr ""
--#~ "Combien de temps les informations d'identification en cache peuvent-elles "
--#~ "être utilisées pour l'authentification en cache"
-+#: src/config/SSSDConfig/sssdoptions.py:523
-+msgid "Object class for automounter maps"
-+msgstr "Classe objet pour la carte de montage automatique"
-
--#~ msgid "Whether to automatically create private groups for users"
--#~ msgstr ""
--#~ "S'il faut créer automatiquement des groupes privés pour les utilisateurs"
-+#: src/config/SSSDConfig/sssdoptions.py:524
-+msgid "Automounter map name attribute"
-+msgstr "Nom de l'attribut de carte de montage automatique"
-
--#~ msgid "IPA domain"
--#~ msgstr "Domaine IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:525
-+msgid "Object class for automounter map entries"
-+msgstr "Classe objet pour l'entrée de référence de montage automatique"
-
--#~ msgid "IPA server address"
--#~ msgstr "Adresse du serveur IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:526
-+msgid "Automounter map entry key attribute"
-+msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
-
--#~ msgid "Address of backup IPA server"
--#~ msgstr "Adresse du serveur IPA de secours"
-+#: src/config/SSSDConfig/sssdoptions.py:527
-+msgid "Automounter map entry value attribute"
-+msgstr "Attribut de valeur pour la carte de montage automatique"
-
--#~ msgid "IPA client hostname"
--#~ msgstr "Nom de système du client IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:528
-+msgid "Base DN for automounter map lookups"
-+msgstr "Base DN pour les requêtes de carte de montage automatique"
-
--#~ msgid "Whether to automatically update the client's DNS entry in FreeIPA"
--#~ msgstr ""
--#~ "Choisir de mettre à jour automatiquement l'entrée DNS du client dans "
--#~ "FreeIPA"
-+#: src/config/SSSDConfig/sssdoptions.py:529
-+msgid "The name of the automount master map in LDAP."
-+msgstr ""
-
--#~ msgid "Search base for HBAC related objects"
--#~ msgstr "Base de recherche pour les objets HBAC"
-+#: src/config/SSSDConfig/sssdoptions.py:532
-+msgid "Base DN for IP hosts lookups"
-+msgstr ""
-
--#~ msgid ""
--#~ "The amount of time between lookups of the HBAC rules against the IPA "
--#~ "server"
--#~ msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:533
-+msgid "Object class for IP hosts"
-+msgstr ""
-
--#~ msgid ""
--#~ "The amount of time in seconds between lookups of the SELinux maps against "
--#~ "the IPA server"
--#~ msgstr "Délai entre les recherches de cartes SELinux sur le serveur IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:534
-+msgid "IP host name attribute"
-+msgstr ""
-
--#~ msgid "If set to false, host argument given by PAM will be ignored"
--#~ msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
-+#: src/config/SSSDConfig/sssdoptions.py:535
-+msgid "IP host number (address) attribute"
-+msgstr ""
-
--#~ msgid "The automounter location this IPA client is using"
--#~ msgstr ""
--#~ "L'emplacement de la carte de montage automatique utilisée par le client "
--#~ "IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:536
-+msgid "IP host entryUSN attribute"
-+msgstr ""
-
--#~ msgid "Search base for object containing info about IPA domain"
--#~ msgstr ""
--#~ "Base de recherche pour l'objet contenant les informations de base à "
--#~ "propos du domaine IPA"
-+#: src/config/SSSDConfig/sssdoptions.py:537
-+msgid "Base DN for IP networks lookups"
-+msgstr ""
-
--#~ msgid "Search base for objects containing info about ID ranges"
--#~ msgstr ""
--#~ "Base de recherche pour les objets contenant les informations à propos des "
--#~ "plages d'ID"
-+#: src/config/SSSDConfig/sssdoptions.py:538
-+msgid "Object class for IP networks"
-+msgstr ""
-
--#~ msgid "Enable DNS sites - location based service discovery"
--#~ msgstr ""
--#~ "Activer les sites DNS - découverte de service basée sur l'emplacement"
--
--#~ msgid "Search base for view containers"
--#~ msgstr "Base de recherche des conteneurs de vues"
--
--#~ msgid "Objectclass for view containers"
--#~ msgstr "Classe d'objet pour les conteneurs de vues"
--
--#~ msgid "Attribute with the name of the view"
--#~ msgstr "Attribut avec le nom de la vue"
--
--#~ msgid "Objectclass for override objects"
--#~ msgstr "Classe d'objet surchargeant les objets"
--
--#~ msgid "Attribute with the reference to the original object"
--#~ msgstr "Attribut faisant référence à l'objet originel "
--
--#~ msgid "Objectclass for user override objects"
--#~ msgstr "Classe d'objet surchargeant les utilisateurs"
--
--#~ msgid "Objectclass for group override objects"
--#~ msgstr "Classe d'objet surchargeant les groupes"
--
--#~ msgid "Search base for Desktop Profile related objects"
--#~ msgstr "Base de recherche pour les objets liés au Profil du Bureau"
--
--#~ msgid ""
--#~ "The amount of time in seconds between lookups of the Desktop Profile "
--#~ "rules against the IPA server"
--#~ msgstr ""
--#~ "Le temps, en secondes, entre les consultations des règles du profil du "
--#~ "bureau sur le serveur IPA"
--
--#~ msgid ""
--#~ "The amount of time in minutes between lookups of Desktop Profiles rules "
--#~ "against the IPA server when the last request did not find any rule"
--#~ msgstr ""
--#~ "Le temps en minutes entre les consultations des règles de profile de "
--#~ "bureau sur le serveur IPA lorsque la dernière requête n'a trouvé aucune "
--#~ "règle"
--
--#~ msgid "Active Directory domain"
--#~ msgstr "Domaine Active Directory"
--
--#~ msgid "Enabled Active Directory domains"
--#~ msgstr "Domaine d’Active Directory activés"
--
--#~ msgid "Active Directory server address"
--#~ msgstr "Adresse du serveur Active Directory"
--
--#~ msgid "Active Directory backup server address"
--#~ msgstr "Adresse du serveur Active Directory de secours"
--
--#~ msgid "Active Directory client hostname"
--#~ msgstr "Nom de système du client Active Directory"
--
--#~ msgid "LDAP filter to determine access privileges"
--#~ msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
--
--#~ msgid "Whether to use the Global Catalog for lookups"
--#~ msgstr "Choisir d'utiliser ou non le catalogue global pour les recherches"
--
--#~ msgid "Operation mode for GPO-based access control"
--#~ msgstr "Mode opératoire pour les contrôles d'accès basé sur les GPO"
--
--#~ msgid ""
--#~ "The amount of time between lookups of the GPO policy files against the AD "
--#~ "server"
--#~ msgstr ""
--#~ "Durée entre les recherches de fichiers de politiques de GPO dans le "
--#~ "serveur AD"
--
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "Noms de services PAM correspondant à la configuration de la politique "
--#~ "(Deny)InteractiveLogonRight de la GPO"
-+#: src/config/SSSDConfig/sssdoptions.py:539
-+msgid "IP network name attribute"
-+msgstr ""
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
--#~ "policy settings"
--#~ msgstr ""
--#~ "Noms de services PAM correspondant à la configuration de la politique "
--#~ "(Deny)RemoteInteractiveLogonRight de la GPO"
-+#: src/config/SSSDConfig/sssdoptions.py:540
-+msgid "IP network number (address) attribute"
-+msgstr ""
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "Noms de services PAM correspondant à la configuration de la politique "
--#~ "(Deny)NetworkLogonRight de la GPO"
-+#: src/config/SSSDConfig/sssdoptions.py:541
-+msgid "IP network entryUSN attribute"
-+msgstr ""
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)BatchLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "Noms de services PAM correspondant à la configuration de la politique "
--#~ "(Deny)BatchLogonRight de la GPO"
-+#: src/config/SSSDConfig/sssdoptions.py:544
-+msgid "Comma separated list of allowed users"
-+msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "Noms de services PAM correspondant à la configuration de la politique "
--#~ "(Deny)ServiceLogonRight de la GPO"
-+#: src/config/SSSDConfig/sssdoptions.py:545
-+msgid "Comma separated list of prohibited users"
-+msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
-
--#~ msgid "PAM service names for which GPO-based access is always granted"
--#~ msgstr ""
--#~ "Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
--#~ "toujours autorisés"
-+#: src/config/SSSDConfig/sssdoptions.py:546
-+msgid ""
-+"Comma separated list of groups that are allowed to log in. This applies only "
-+"to groups within this SSSD domain. Local groups are not evaluated."
-+msgstr ""
-
--#~ msgid "PAM service names for which GPO-based access is always denied"
--#~ msgstr ""
--#~ "Noms de services PAM pour lesquels les accès s'appuyant sur la GPO sont "
--#~ "toujours interdits"
-+#: src/config/SSSDConfig/sssdoptions.py:548
-+msgid ""
-+"Comma separated list of groups that are explicitly denied access. This "
-+"applies only to groups within this SSSD domain. Local groups are not "
-+"evaluated."
-+msgstr ""
-
--#~ msgid ""
--#~ "Default logon right (or permit/deny) to use for unmapped PAM service names"
--#~ msgstr ""
--#~ "Droit de connexion par défaut (ou permission/interdiction) à utiliser "
--#~ "pour les noms de services sans correspondance"
-+#: src/config/SSSDConfig/sssdoptions.py:552
-+msgid "Base for home directories"
-+msgstr "Base pour les répertoires utilisateur"
-
--#~ msgid "a particular site to be used by the client"
--#~ msgstr "un site particulier utilisé par le client"
-+#: src/config/SSSDConfig/sssdoptions.py:553
-+msgid "Indicate if a home directory should be created for new users."
-+msgstr ""
-
--#~ msgid ""
--#~ "Maximum age in days before the machine account password should be renewed"
--#~ msgstr ""
--#~ "Âge maximum en jours avant que le mot de passe du compte de la machine ne "
--#~ "soit renouvelé"
-+#: src/config/SSSDConfig/sssdoptions.py:554
-+msgid "Indicate if a home directory should be removed for deleted users."
-+msgstr ""
-
--#~ msgid "Option for tuning the machine account renewal task"
--#~ msgstr "Option de réglage de la tâche de renouvellement du compte machine"
-+#: src/config/SSSDConfig/sssdoptions.py:555
-+msgid "Specify the default permissions on a newly created home directory."
-+msgstr ""
-
--#~ msgid "Kerberos server address"
--#~ msgstr "Adresse du serveur Kerberos"
-+#: src/config/SSSDConfig/sssdoptions.py:556
-+msgid "The skeleton directory."
-+msgstr ""
-
--#~ msgid "Kerberos backup server address"
--#~ msgstr "Adresse du serveur Kerberos de secours"
-+#: src/config/SSSDConfig/sssdoptions.py:557
-+msgid "The mail spool directory."
-+msgstr ""
-
--#~ msgid "Kerberos realm"
--#~ msgstr "Domaine Kerberos"
-+#: src/config/SSSDConfig/sssdoptions.py:558
-+msgid "The command that is run after a user is removed."
-+msgstr ""
-
--#~ msgid "Authentication timeout"
--#~ msgstr "Délai avant expiration de l'authentification"
-+#: src/config/SSSDConfig/sssdoptions.py:561
-+msgid "The number of preforked proxy children."
-+msgstr "Le nombre d'enfants proxy pré-fourche."
-
--#~ msgid "Whether to create kdcinfo files"
--#~ msgstr "Choisir de créer ou non les fichiers kdcinfo"
-+#: src/config/SSSDConfig/sssdoptions.py:564
-+msgid "The name of the NSS library to use"
-+msgstr "Nom de la bibliothèque NSS à utiliser"
-
--#~ msgid "Where to drop krb5 config snippets"
--#~ msgstr "Où déposer les extraits de configuration krb5"
-+#: src/config/SSSDConfig/sssdoptions.py:565
-+msgid "The name of the NSS library to use for hosts and networks lookups"
-+msgstr ""
-
--#~ msgid "Directory to store credential caches"
--#~ msgstr "Répertoire pour stocker les caches de crédits"
-+#: src/config/SSSDConfig/sssdoptions.py:566
-+msgid "Whether to look up canonical group name from cache if possible"
-+msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
-
--#~ msgid "Location of the user's credential cache"
--#~ msgstr "Emplacement du cache de crédits de l'utilisateur"
-+#: src/config/SSSDConfig/sssdoptions.py:569
-+msgid "PAM stack to use"
-+msgstr "Pile PAM à utiliser"
-
--#~ msgid "Location of the keytab to validate credentials"
--#~ msgstr "Emplacement du fichier keytab de validation des crédits"
-+#: src/config/SSSDConfig/sssdoptions.py:572
-+msgid "Path of passwd file sources."
-+msgstr "Chemin des sources des fichiers passwd."
-
--#~ msgid "Enable credential validation"
--#~ msgstr "Activer la validation des crédits"
-+#: src/config/SSSDConfig/sssdoptions.py:573
-+msgid "Path of group file sources."
-+msgstr "Chemin des sources des fichiers de groupe."
-
--#~ msgid "Store password if offline for later online authentication"
--#~ msgstr ""
--#~ "Stocker le mot de passe, si hors-ligne, pour une authentification "
--#~ "ultérieure en ligne"
-+#: src/monitor/monitor.c:2371
-+msgid "Become a daemon (default)"
-+msgstr "Devenir un démon (par défaut)"
-
--#~ msgid "Renewable lifetime of the TGT"
--#~ msgstr "Durée de vie renouvelable du TGT"
-+#: src/monitor/monitor.c:2373
-+msgid "Run interactive (not a daemon)"
-+msgstr "Fonctionner en interactif (non démon)"
-
--#~ msgid "Lifetime of the TGT"
--#~ msgstr "Durée de vie du TGT"
-+#: src/monitor/monitor.c:2376
-+msgid "Disable netlink interface"
-+msgstr "Désactiver l'interface netlink"
-
--#~ msgid "Time between two checks for renewal"
--#~ msgstr "Durée entre deux vérifications pour le renouvellement"
-+#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
-+#: src/tools/sssctl/sssctl_logs.c:310
-+msgid "Specify a non-default config file"
-+msgstr "Définir un fichier de configuration différent de celui par défaut"
-
--#~ msgid "Enables FAST"
--#~ msgstr "Active FAST"
-+#: src/monitor/monitor.c:2380
-+msgid "Refresh the configuration database, then exit"
-+msgstr "Rafraîchissez la base de données de configuration, puis quittez"
-
--#~ msgid "Selects the principal to use for FAST"
--#~ msgstr "Sélectionne le principal à utiliser avec FAST"
-+#: src/monitor/monitor.c:2383
-+msgid "Similar to --genconf, but only refreshes the given section"
-+msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée"
-
--#~ msgid "Enables principal canonicalization"
--#~ msgstr "Active la canonisation du principal"
-+#: src/monitor/monitor.c:2386
-+msgid "Print version number and exit"
-+msgstr "Afficher le numéro de version et quitte"
-
--#~ msgid "Enables enterprise principals"
--#~ msgstr "Active les principals d'entreprise"
-+#: src/monitor/monitor.c:2532
-+msgid "SSSD is already running\n"
-+msgstr "SSSD est déjà en cours d'exécution\n"
-
--#~ msgid "A mapping from user names to Kerberos principal names"
--#~ msgstr ""
--#~ "Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos"
-+#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
-+msgid "Debug level"
-+msgstr "Niveau de débogage"
-
--#~ msgid ""
--#~ "Server where the change password service is running if not on the KDC"
--#~ msgstr ""
--#~ "Serveur où tourne le service de changement de mot de passe s'il n'est pas "
--#~ "sur le KDC"
-+#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
-+msgid "Add debug timestamps"
-+msgstr "Ajouter l'horodatage au débogage"
-
--#~ msgid "ldap_uri, The URI of the LDAP server"
--#~ msgstr "ldap_uri, l'adresse du serveur LDAP"
-+#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
-+msgid "Show timestamps with microseconds"
-+msgstr "Afficher l'horodatage en microsecondes"
-
--#~ msgid "ldap_backup_uri, The URI of the LDAP server"
--#~ msgstr "ldap_backup_uri, l'URI du serveur LDAP"
-+#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
-+msgid "An open file descriptor for the debug logs"
-+msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
-
--#~ msgid "The default base DN"
--#~ msgstr "La base DN par défaut"
-+#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
-+msgid "Send the debug output to stderr directly."
-+msgstr "Envoyer la sortie de débogage directement vers l'erreur standard."
-
--#~ msgid "The Schema Type in use on the LDAP server, rfc2307"
--#~ msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
-+#: src/providers/krb5/krb5_child.c:3245
-+msgid "The user to create FAST ccache as"
-+msgstr "L'utilisateur à utiliser pour la création du ccache FAST"
-
--#~ msgid "Mode used to change user password"
--#~ msgstr "Mode utilisé pour modifier le mot de passe utilisateur"
-+#: src/providers/krb5/krb5_child.c:3247
-+msgid "The group to create FAST ccache as"
-+msgstr "Le groupe à utiliser pour la création du ccache FAST"
-
--#~ msgid "The default bind DN"
--#~ msgstr "Le DN de connexion par défaut"
-+#: src/providers/krb5/krb5_child.c:3249
-+msgid "Kerberos realm to use"
-+msgstr "Domaine Kerberos à utiliser"
-
--#~ msgid "The type of the authentication token of the default bind DN"
--#~ msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
-+#: src/providers/krb5/krb5_child.c:3251
-+msgid "Requested lifetime of the ticket"
-+msgstr "Demande de renouvellement à vie du billet"
-
--#~ msgid "The authentication token of the default bind DN"
--#~ msgstr "Le jeton d'authentification du DN de connexion par défaut"
-+#: src/providers/krb5/krb5_child.c:3253
-+msgid "Requested renewable lifetime of the ticket"
-+msgstr "Demande de renouvellement à vie du billet"
-
--#~ msgid "Length of time to attempt connection"
--#~ msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
-+#: src/providers/krb5/krb5_child.c:3255
-+msgid "FAST options ('never', 'try', 'demand')"
-+msgstr "Options FAST ('never', 'try', 'demand')"
-
--#~ msgid "Length of time to attempt synchronous LDAP operations"
--#~ msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
-+#: src/providers/krb5/krb5_child.c:3258
-+msgid "Specifies the server principal to use for FAST"
-+msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
-
--#~ msgid "Length of time between attempts to reconnect while offline"
--#~ msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
-+#: src/providers/krb5/krb5_child.c:3260
-+msgid "Requests canonicalization of the principal name"
-+msgstr "Demande la canonisation du nom principal"
-
--#~ msgid "Use only the upper case for realm names"
--#~ msgstr "N'utiliser que des majuscules pour les noms de domaine"
-+#: src/providers/krb5/krb5_child.c:3262
-+msgid "Use custom version of krb5_get_init_creds_password"
-+msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
-
--#~ msgid "File that contains CA certificates"
--#~ msgstr "Fichier contenant les certificats des CA"
-+#: src/providers/data_provider_be.c:674
-+msgid "Domain of the information provider (mandatory)"
-+msgstr "Domaine du fournisseur d'informations (obligatoire)"
-+
-+#: src/sss_client/common.c:1079
-+msgid "Privileged socket has wrong ownership or permissions."
-+msgstr ""
-+"Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire."
-+
-+#: src/sss_client/common.c:1082
-+msgid "Public socket has wrong ownership or permissions."
-+msgstr ""
-+"Le socket public a de mauvaises permissions ou un mauvais propriétaire."
-+
-+#: src/sss_client/common.c:1085
-+msgid "Unexpected format of the server credential message."
-+msgstr "Le message du serveur de crédits a un format inattendu."
-+
-+#: src/sss_client/common.c:1088
-+msgid "SSSD is not run by root."
-+msgstr "SSSD n'est pas démarré par root."
-+
-+#: src/sss_client/common.c:1091
-+msgid "SSSD socket does not exist."
-+msgstr "La socket SSSD n'existe pas."
-+
-+#: src/sss_client/common.c:1094
-+msgid "Cannot get stat of SSSD socket."
-+msgstr "Impossible d'obtenir le stat du socket SSSD."
-+
-+#: src/sss_client/common.c:1099
-+msgid "An error occurred, but no description can be found."
-+msgstr "Une erreur est survenue mais aucune description n'est trouvée."
-+
-+#: src/sss_client/common.c:1105
-+msgid "Unexpected error while looking for an error description"
-+msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
-+
-+#: src/sss_client/pam_sss.c:68
-+msgid "Permission denied. "
-+msgstr "Accès refusé."
-+
-+#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
-+#: src/sss_client/pam_sss.c:792
-+msgid "Server message: "
-+msgstr "Message du serveur : "
-+
-+#: src/sss_client/pam_sss.c:299
-+msgid "Passwords do not match"
-+msgstr "Les mots de passe ne correspondent pas"
-+
-+#: src/sss_client/pam_sss.c:487
-+msgid "Password reset by root is not supported."
-+msgstr ""
-+"La réinitialisation du mot de passe par root n'est pas prise en charge."
-+
-+#: src/sss_client/pam_sss.c:528
-+msgid "Authenticated with cached credentials"
-+msgstr "Authentifié avec les crédits mis en cache"
-+
-+#: src/sss_client/pam_sss.c:529
-+msgid ", your cached password will expire at: "
-+msgstr ", votre mot de passe en cache expirera à :"
-+
-+#: src/sss_client/pam_sss.c:559
-+#, c-format
-+msgid "Your password has expired. You have %1$d grace login(s) remaining."
-+msgstr ""
-+"Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)."
-+
-+#: src/sss_client/pam_sss.c:605
-+#, c-format
-+msgid "Your password will expire in %1$d %2$s."
-+msgstr "Votre mot de passe expirera dans %1$d %2$s."
-+
-+#: src/sss_client/pam_sss.c:654
-+msgid "Authentication is denied until: "
-+msgstr "L'authentification est refusée jusque :"
-+
-+#: src/sss_client/pam_sss.c:675
-+msgid "System is offline, password change not possible"
-+msgstr ""
-+"Le système est hors-ligne, les modifications du mot de passe sont "
-+"impossibles"
-+
-+#: src/sss_client/pam_sss.c:690
-+msgid ""
-+"After changing the OTP password, you need to log out and back in order to "
-+"acquire a ticket"
-+msgstr ""
-+"Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous "
-+"reconnecter afin d'acquérir un ticket"
-+
-+#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
-+msgid "Password change failed. "
-+msgstr "Échec du changement de mot de passe."
-+
-+#: src/sss_client/pam_sss.c:2015
-+msgid "New Password: "
-+msgstr "Nouveau mot de passe : "
-+
-+#: src/sss_client/pam_sss.c:2016
-+msgid "Reenter new Password: "
-+msgstr "Retaper le nouveau mot de passe : "
-+
-+#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
-+msgid "First Factor: "
-+msgstr "Premier facteur :"
-+
-+#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
-+msgid "Second Factor (optional): "
-+msgstr "Deuxième facteur (facultatif) : "
-+
-+#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
-+msgid "Second Factor: "
-+msgstr "Second facteur :"
-+
-+#: src/sss_client/pam_sss.c:2200
-+msgid "Password: "
-+msgstr "Mot de passe : "
-+
-+#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
-+msgid "First Factor (Current Password): "
-+msgstr "Premier facteur (mot de passe actuel) : "
-+
-+#: src/sss_client/pam_sss.c:2359
-+msgid "Current Password: "
-+msgstr "Mot de passe actuel : "
-+
-+#: src/sss_client/pam_sss.c:2714
-+msgid "Password expired. Change your password now."
-+msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
-+
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
-+#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
-+#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
-+#: src/tools/sss_cache.c:719
-+msgid "The debug level to run with"
-+msgstr "Le niveau de débogage utilisé avec"
-+
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
-+msgid "The SSSD domain to use"
-+msgstr "Le domaine SSSD à utiliser"
-+
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
-+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
-+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
-+#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
-+#: src/tools/sss_cache.c:765
-+msgid "Error setting the locale\n"
-+msgstr "Erreur lors du paramétrage de la locale\n"
-+
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
-+msgid "Not enough memory\n"
-+msgstr "Mémoire insuffisante\n"
-+
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
-+msgid "User not specified\n"
-+msgstr "Utilisateur non spécifié\n"
-+
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
-+msgid "Error looking up public keys\n"
-+msgstr "Erreur lors de la recherche des clés publiques\n"
-+
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
-+msgid "The port to use to connect to the host"
-+msgstr "Le port à utiliser pour se connecter à l'hôte"
-+
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
-+msgid "Print the host ssh public keys"
-+msgstr "Imprimer les clés publiques ssh de l'hôte"
-+
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
-+msgid "Invalid port\n"
-+msgstr "Port invalide\n"
-+
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
-+msgid "Host not specified\n"
-+msgstr "Hôte non spécifié\n"
-+
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
-+msgid "The path to the proxy command must be absolute\n"
-+msgstr "Le chemin vers la commande de proxy doit être absolue\n"
-+
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
-+#, c-format
-+msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
-+msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n"
-+
-+#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
-+msgid "The UID of the user"
-+msgstr "L'UID de l'utilisateur"
-+
-+#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
-+msgid "The comment string"
-+msgstr "Phrase de commentaire"
-+
-+#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
-+msgid "Home directory"
-+msgstr "Répertoire utilisateur"
-+
-+#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
-+msgid "Login shell"
-+msgstr "Interpréteur de commandes de connexion"
-+
-+#: src/tools/sss_useradd.c:53
-+msgid "Groups"
-+msgstr "Groupes"
-+
-+#: src/tools/sss_useradd.c:54
-+msgid "Create user's directory if it does not exist"
-+msgstr "Créer le repertoire utilisateur s'il n'existe pas"
-+
-+#: src/tools/sss_useradd.c:55
-+msgid "Never create user's directory, overrides config"
-+msgstr ""
-+"Ne jamais créer de répertoire utilisateur, outrepasse la configuration"
-+
-+#: src/tools/sss_useradd.c:56
-+msgid "Specify an alternative skeleton directory"
-+msgstr "Spécifie un répertoire squelette alternatif"
-+
-+#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
-+msgid "The SELinux user for user's login"
-+msgstr "L'utilisateur SELinux pour l'identifiant de l'utilisateur"
-+
-+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
-+#: src/tools/sss_usermod.c:92
-+msgid "Specify group to add to\n"
-+msgstr "Définir le groupe à ajouter à\n"
-+
-+#: src/tools/sss_useradd.c:111
-+msgid "Specify user to add\n"
-+msgstr "Définir l'utilisateur à ajouter à\n"
-+
-+#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
-+#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-+#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
-+#: src/tools/sss_usermod.c:162
-+msgid "Error initializing the tools - no local domain\n"
-+msgstr "Erreur à l'initialisation des outils - aucun domaine local\n"
-+
-+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
-+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
-+#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
-+#: src/tools/sss_usermod.c:164
-+msgid "Error initializing the tools\n"
-+msgstr "Erreur à l'initialisation des outils\n"
-+
-+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
-+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
-+#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
-+#: src/tools/sss_usermod.c:173
-+msgid "Invalid domain specified in FQDN\n"
-+msgstr "Domaine invalide définit dans le FQDN\n"
-+
-+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
-+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
-+#: src/tools/sss_usermod.c:226
-+msgid "Internal error while parsing parameters\n"
-+msgstr "Erreur interne lors de l'analyse des paramètres\n"
-+
-+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
-+#: src/tools/sss_usermod.c:235
-+msgid "Groups must be in the same domain as user\n"
-+msgstr "Les groupes doivent être dans le même domaine que l'utilisateur\n"
-+
-+#: src/tools/sss_useradd.c:159
-+#, c-format
-+msgid "Cannot find group %1$s in local domain\n"
-+msgstr "Impossible de trouver le groupe %1$s dans le domaine local\n"
-+
-+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
-+msgid "Cannot set default values\n"
-+msgstr "Impossible de définir les valeurs par défaut\n"
-+
-+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
-+msgid "The selected UID is outside the allowed range\n"
-+msgstr "L'UID sélectionné est en dehors de la plage autorisée\n"
-+
-+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
-+msgid "Cannot set SELinux login context\n"
-+msgstr "Impossible de définir le contexte de connexion SELinux\n"
-+
-+#: src/tools/sss_useradd.c:224
-+msgid "Cannot get info about the user\n"
-+msgstr "Impossible de trouver les informations sur l'utilisateur\n"
-+
-+#: src/tools/sss_useradd.c:236
-+msgid "User's home directory already exists, not copying data from skeldir\n"
-+msgstr ""
-+"Le répertoire de l'utilisateur existe déjà, les données du répertoire "
-+"squelette ne sont pas copiées\n"
-+
-+#: src/tools/sss_useradd.c:239
-+#, c-format
-+msgid "Cannot create user's home directory: %1$s\n"
-+msgstr "Impossible de créer le répertoire de l'utilisateur : %1$s\n"
-+
-+#: src/tools/sss_useradd.c:250
-+#, c-format
-+msgid "Cannot create user's mail spool: %1$s\n"
-+msgstr ""
-+"Impossible de créer le répertoire de réception des messages électroniques "
-+"pour l'utilisateur : %1$s\n"
-+
-+#: src/tools/sss_useradd.c:270
-+msgid "Could not allocate ID for the user - domain full?\n"
-+msgstr ""
-+"L'identifiant de l'utilisateur ne peut pas être alloué - domaine plein ?\n"
-+
-+#: src/tools/sss_useradd.c:274
-+msgid "A user or group with the same name or ID already exists\n"
-+msgstr "Un utilisateur ou groupe avec le même nom ou identifiant existe déjà\n"
-+
-+#: src/tools/sss_useradd.c:280
-+msgid "Transaction error. Could not add user.\n"
-+msgstr "Erreur de transaction. Impossible d'ajouter l'utilisateur.\n"
-+
-+#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
-+msgid "The GID of the group"
-+msgstr "Le GID du groupe"
-+
-+#: src/tools/sss_groupadd.c:76
-+msgid "Specify group to add\n"
-+msgstr "Définir le groupe à ajouter\n"
-+
-+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
-+msgid "The selected GID is outside the allowed range\n"
-+msgstr "Le GID choisit est en dehors de la plage autorisée\n"
-+
-+#: src/tools/sss_groupadd.c:143
-+msgid "Could not allocate ID for the group - domain full?\n"
-+msgstr "Impossible d'allouer l'identifiant du groupe - domaine plein ?\n"
-+
-+#: src/tools/sss_groupadd.c:147
-+msgid "A group with the same name or GID already exists\n"
-+msgstr "Un groupe avec le même nom ou GID existe déjà\n"
-+
-+#: src/tools/sss_groupadd.c:153
-+msgid "Transaction error. Could not add group.\n"
-+msgstr "Erreur de transaction. Impossible d'ajouter le groupe.\n"
-+
-+#: src/tools/sss_groupdel.c:70
-+msgid "Specify group to delete\n"
-+msgstr "Spécifier le groupe à supprimer\n"
-+
-+#: src/tools/sss_groupdel.c:104
-+#, c-format
-+msgid "Group %1$s is outside the defined ID range for domain\n"
-+msgstr ""
-+"Le groupe %1$s est en dehors de la plage d'identifiants définie pour le "
-+"domaine\n"
-+
-+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
-+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
-+#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
-+#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
-+#, c-format
-+msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
-+msgstr ""
-+"Échec de requête NSS (%1$d). L'entrée peut persister dans le cache en "
-+"mémoire.\n"
-+
-+#: src/tools/sss_groupdel.c:132
-+msgid ""
-+"No such group in local domain. Removing groups only allowed in local domain."
-+"\n"
-+msgstr ""
-+"Aucun groupe dans le domaine local. La suppression de groupes n'est "
-+"autorisée que dans le domaine local.\n"
-+
-+#: src/tools/sss_groupdel.c:137
-+msgid "Internal error. Could not remove group.\n"
-+msgstr "Erreur interne. Impossible de supprimer le groupe.\n"
-+
-+#: src/tools/sss_groupmod.c:44
-+msgid "Groups to add this group to"
-+msgstr "Groupes auxquels ce groupe sera ajouté"
-+
-+#: src/tools/sss_groupmod.c:46
-+msgid "Groups to remove this group from"
-+msgstr "Groupes desquels ce groupe sera retiré"
-+
-+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
-+msgid "Specify group to remove from\n"
-+msgstr "Définir le groupe duquel supprimer\n"
-+
-+#: src/tools/sss_groupmod.c:101
-+msgid "Specify group to modify\n"
-+msgstr "Définir le groupe à modifier\n"
-+
-+#: src/tools/sss_groupmod.c:130
-+msgid ""
-+"Cannot find group in local domain, modifying groups is allowed only in local "
-+"domain\n"
-+msgstr ""
-+"Impossible de trouver le groupe dans le domaine local, la modification des "
-+"groupes n'est autorisée que dans le domaine local\n"
-+
-+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
-+msgid "Member groups must be in the same domain as parent group\n"
-+msgstr ""
-+"Les membres du groupe doivent être dans le même domaine que le groupe "
-+"parent\n"
-+
-+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
-+#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
-+#, c-format
-+msgid ""
-+"Cannot find group %1$s in local domain, only groups in local domain are "
-+"allowed\n"
-+msgstr ""
-+"Impossible de trouver le groupe %1$s dans le domaine local, seuls les "
-+"groupes du domaine local sont autorisés\n"
-+
-+#: src/tools/sss_groupmod.c:257
-+msgid "Could not modify group - check if member group names are correct\n"
-+msgstr ""
-+"Impossible de modifier le groupe - vérifier que les noms des groupes membres "
-+"sont corrects\n"
-+
-+#: src/tools/sss_groupmod.c:261
-+msgid "Could not modify group - check if groupname is correct\n"
-+msgstr ""
-+"Impossible de modifier le groupe - vérifier que le nom du groupe est "
-+"correct\n"
-+
-+#: src/tools/sss_groupmod.c:265
-+msgid "Transaction error. Could not modify group.\n"
-+msgstr "Erreur de transaction. Impossible de modifier le groupe.\n"
-+
-+#: src/tools/sss_groupshow.c:616
-+msgid "Magic Private "
-+msgstr "Magie privée"
-+
-+#: src/tools/sss_groupshow.c:615
-+#, c-format
-+msgid "%1$s%2$sGroup: %3$s\n"
-+msgstr "%1$s%2$sGroup: %3$s\n"
-+
-+#: src/tools/sss_groupshow.c:618
-+#, c-format
-+msgid "%1$sGID number: %2$d\n"
-+msgstr "%1$s GID numéro : %2$d\n"
-+
-+#: src/tools/sss_groupshow.c:620
-+#, c-format
-+msgid "%1$sMember users: "
-+msgstr "Utilisateurs membres de %1$s :"
-+
-+#: src/tools/sss_groupshow.c:627
-+#, c-format
-+msgid "\n"
-+"%1$sIs a member of: "
-+msgstr "\n"
-+"%1$s est membre de : "
-+
-+#: src/tools/sss_groupshow.c:634
-+#, c-format
-+msgid "\n"
-+"%1$sMember groups: "
-+msgstr "\n"
-+"Groupes membres de %1$s : "
-+
-+#: src/tools/sss_groupshow.c:670
-+msgid "Print indirect group members recursively"
-+msgstr "Afficher les membres du groupe indirects récursivement"
-+
-+#: src/tools/sss_groupshow.c:704
-+msgid "Specify group to show\n"
-+msgstr "Définir le groupe à afficher\n"
-+
-+#: src/tools/sss_groupshow.c:744
-+msgid ""
-+"No such group in local domain. Printing groups only allowed in local domain."
-+"\n"
-+msgstr ""
-+"Aucun groupe dans le domaine local. L'affichage des groupes n'est autorisé "
-+"que dans le domaine local.\n"
-+
-+#: src/tools/sss_groupshow.c:749
-+msgid "Internal error. Could not print group.\n"
-+msgstr "Erreur interne. Impossible d'afficher le groupe.\n"
-+
-+#: src/tools/sss_userdel.c:138
-+msgid "Remove home directory and mail spool"
-+msgstr "Suppression du répertoire personnel et de gestion des mails"
-+
-+#: src/tools/sss_userdel.c:140
-+msgid "Do not remove home directory and mail spool"
-+msgstr "Ne pas supprimer le répertoire personnel et de gestion des mails"
-+
-+#: src/tools/sss_userdel.c:142
-+msgid "Force removal of files not owned by the user"
-+msgstr "Forcer la suppression des fichiers n'appartenant pas à l'utilisateur"
-+
-+#: src/tools/sss_userdel.c:144
-+msgid "Kill users' processes before removing him"
-+msgstr "Tuer les processus de l'utilisateur avant de le supprimer"
-+
-+#: src/tools/sss_userdel.c:190
-+msgid "Specify user to delete\n"
-+msgstr "Définir l'utilisateur à supprimer\n"
-+
-+#: src/tools/sss_userdel.c:236
-+#, c-format
-+msgid "User %1$s is outside the defined ID range for domain\n"
-+msgstr ""
-+"L'utilisateur %1$s est en dehors de la plage d'identifiants définie pour le "
-+"domaine\n"
-+
-+#: src/tools/sss_userdel.c:261
-+msgid "Cannot reset SELinux login context\n"
-+msgstr "Impossible de réinitialiser le contexte de connexion SELinux\n"
-+
-+#: src/tools/sss_userdel.c:273
-+#, c-format
-+msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
-+msgstr ""
-+"ATTENTION : l'utilisateur (uid %1$lu) était encore connecté lors de sa "
-+"suppression.\n"
-+
-+#: src/tools/sss_userdel.c:278
-+msgid "Cannot determine if the user was logged in on this platform"
-+msgstr ""
-+"Impossible de savoir si l'utilisateur était connecté sur cette plateforme"
-+
-+#: src/tools/sss_userdel.c:283
-+msgid "Error while checking if the user was logged in\n"
-+msgstr "Erreur en vérifiant si l'utilisateur était connecté\n"
-+
-+#: src/tools/sss_userdel.c:290
-+#, c-format
-+msgid "The post-delete command failed: %1$s\n"
-+msgstr "La commande post-suppression a échoué : %1$s\n"
-+
-+#: src/tools/sss_userdel.c:310
-+msgid "Not removing home dir - not owned by user\n"
-+msgstr ""
-+"Le répertoire personnel n'est pas supprimé - l'utilisateur n'en est pas le "
-+"propriétaire\n"
-+
-+#: src/tools/sss_userdel.c:312
-+#, c-format
-+msgid "Cannot remove homedir: %1$s\n"
-+msgstr "Impossible de supprimer le répertoire utilisateur : %1$s\n"
-+
-+#: src/tools/sss_userdel.c:326
-+msgid ""
-+"No such user in local domain. Removing users only allowed in local domain.\n"
-+msgstr ""
-+"Aucun utilisateur dans le domaine local. La suppression des utilisateurs "
-+"n'est autorisée que dans le domaine local.\n"
-+
-+#: src/tools/sss_userdel.c:331
-+msgid "Internal error. Could not remove user.\n"
-+msgstr "Erreur interne. Impossible de supprimer l'utilisateur.\n"
-+
-+#: src/tools/sss_usermod.c:49
-+msgid "The GID of the user"
-+msgstr "Le GID de l'utilisateur"
-+
-+#: src/tools/sss_usermod.c:53
-+msgid "Groups to add this user to"
-+msgstr "Groupes auxquels ajouter cet utilisateur"
-+
-+#: src/tools/sss_usermod.c:54
-+msgid "Groups to remove this user from"
-+msgstr "Groupes auxquels enlever cet utilisateur"
-+
-+#: src/tools/sss_usermod.c:55
-+msgid "Lock the account"
-+msgstr "Verrouiller le compte"
-+
-+#: src/tools/sss_usermod.c:56
-+msgid "Unlock the account"
-+msgstr "Déverrouiller le compte"
-+
-+#: src/tools/sss_usermod.c:57
-+msgid "Add an attribute/value pair. The format is attrname=value."
-+msgstr "Ajouter une paire attribut/valeur. Le format est nom_attribut=valeur."
-+
-+#: src/tools/sss_usermod.c:58
-+msgid "Delete an attribute/value pair. The format is attrname=value."
-+msgstr ""
-+"Supprimer une paire attribut/valeur. Le format est nom_attribut=valeur."
-+
-+#: src/tools/sss_usermod.c:59
-+msgid ""
-+"Set an attribute to a name/value pair. The format is attrname=value. For "
-+"multi-valued attributes, the command replaces the values already present"
-+msgstr ""
-+"Définir une paire attribut/valeur. Le format est nom_attribut=valeur. Pour "
-+"les attributs multi-valués, la commande remplace les valeurs déjà présentes."
-+
-+#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
-+#: src/tools/sss_usermod.c:135
-+msgid "Specify the attribute name/value pair(s)\n"
-+msgstr "Indiquer les paires nom d'attributs et valeurs.\n"
-+
-+#: src/tools/sss_usermod.c:152
-+msgid "Specify user to modify\n"
-+msgstr "Spécifier l'utilisateur à modifier\n"
-
--#~ msgid "Path to CA certificate directory"
--#~ msgstr "Chemin vers le répertoire de certificats des CA"
-+#: src/tools/sss_usermod.c:180
-+msgid ""
-+"Cannot find user in local domain, modifying users is allowed only in local "
-+"domain\n"
-+msgstr ""
-+"Impossible de trouver l'utilisateur dans le domaine local, la modification "
-+"des utilisateurs n'est autorisée que dans le domaine local\n"
-
--#~ msgid "File that contains the client certificate"
--#~ msgstr "Fichier contenant le certificat client"
-+#: src/tools/sss_usermod.c:322
-+msgid "Could not modify user - check if group names are correct\n"
-+msgstr ""
-+"Impossible de modifier l'utilisateur - vérifiez que les noms de groupe sont "
-+"corrects\n"
-
--#~ msgid "File that contains the client key"
--#~ msgstr "Fichier contenant la clé du client"
-+#: src/tools/sss_usermod.c:326
-+msgid "Could not modify user - user already member of groups?\n"
-+msgstr ""
-+"Impossible de modifier l'utilisateur - l'utilisateur est déjà membre du "
-+"groupe ?\n"
-
--#~ msgid "List of possible ciphers suites"
--#~ msgstr "Liste des suites de chiffrement possibles"
-+#: src/tools/sss_usermod.c:330
-+msgid "Transaction error. Could not modify user.\n"
-+msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
-
--#~ msgid "Require TLS certificate verification"
--#~ msgstr "Requiert une vérification de certificat TLS"
-+#: src/tools/sss_cache.c:245
-+msgid "No cache object matched the specified search\n"
-+msgstr "Aucun object trouvé dans le cache pour la recherche spécifiée\n"
-
--#~ msgid "Specify the sasl mechanism to use"
--#~ msgstr "Spécifier le mécanisme SASL à utiliser"
-+#: src/tools/sss_cache.c:536
-+#, c-format
-+msgid "Couldn't invalidate %1$s\n"
-+msgstr "Impossible d'invalider %1$s\n"
-
--#~ msgid "Specify the sasl authorization id to use"
--#~ msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
-+#: src/tools/sss_cache.c:543
-+#, c-format
-+msgid "Couldn't invalidate %1$s %2$s\n"
-+msgstr "Impossible d'invalider %1$s %2$s\n"
-
--#~ msgid "Specify the sasl authorization realm to use"
--#~ msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
-+#: src/tools/sss_cache.c:721
-+msgid "Invalidate all cached entries"
-+msgstr "Invalidez toutes les entrées en cache"
-
--#~ msgid "Specify the minimal SSF for LDAP sasl authorization"
--#~ msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-+#: src/tools/sss_cache.c:723
-+msgid "Invalidate particular user"
-+msgstr "Invalider un utilisateur spécifique"
-
--#~ msgid "Kerberos service keytab"
--#~ msgstr "Service du fichier keytab de Kerberos"
-+#: src/tools/sss_cache.c:725
-+msgid "Invalidate all users"
-+msgstr "Invalider tous les utilisateurs"
-
--#~ msgid "Use Kerberos auth for LDAP connection"
--#~ msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
-+#: src/tools/sss_cache.c:727
-+msgid "Invalidate particular group"
-+msgstr "Invalider un groupe particulier"
-
--#~ msgid "Follow LDAP referrals"
--#~ msgstr "Suivre les référents LDAP"
-+#: src/tools/sss_cache.c:729
-+msgid "Invalidate all groups"
-+msgstr "Invalider tous les groupes"
-
--#~ msgid "Lifetime of TGT for LDAP connection"
--#~ msgstr "Durée de vie du TGT pour la connexion LDAP"
-+#: src/tools/sss_cache.c:731
-+msgid "Invalidate particular netgroup"
-+msgstr "Invalider un groupe réseau particulier"
-
--#~ msgid "How to dereference aliases"
--#~ msgstr "Comment déréférencer les alias"
-+#: src/tools/sss_cache.c:733
-+msgid "Invalidate all netgroups"
-+msgstr "Invalider tous les groupes réseau"
-
--#~ msgid "Service name for DNS service lookups"
--#~ msgstr "Nom du service pour les recherches DNS"
-+#: src/tools/sss_cache.c:735
-+msgid "Invalidate particular service"
-+msgstr "Invalidation d'un service particulier"
-
--#~ msgid "The number of records to retrieve in a single LDAP query"
--#~ msgstr ""
--#~ "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
-+#: src/tools/sss_cache.c:737
-+msgid "Invalidate all services"
-+msgstr "Invalidation de tous les services"
-
--#~ msgid "The number of members that must be missing to trigger a full deref"
--#~ msgstr ""
--#~ "Nombre de membres qui doivent être manquants pour activer un "
--#~ "déréférencement complet"
-+#: src/tools/sss_cache.c:740
-+msgid "Invalidate particular autofs map"
-+msgstr "Invalidation d'une carte autofs particulière"
-
--#~ msgid ""
--#~ "Whether the LDAP library should perform a reverse lookup to canonicalize "
--#~ "the host name during a SASL bind"
--#~ msgstr ""
--#~ "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser "
--#~ "le nom d'hôte pendant une connexion SASL ?"
-+#: src/tools/sss_cache.c:742
-+msgid "Invalidate all autofs maps"
-+msgstr "Invalidation de toutes les cartes autofs"
-
--#~ msgid "entryUSN attribute"
--#~ msgstr "attribut entryUSN"
-+#: src/tools/sss_cache.c:746
-+msgid "Invalidate particular SSH host"
-+msgstr "Invalider un hôte SSH particulier"
-
--#~ msgid "lastUSN attribute"
--#~ msgstr "attribut lastUSN"
-+#: src/tools/sss_cache.c:748
-+msgid "Invalidate all SSH hosts"
-+msgstr "Invalider tous les hôtes SSH"
-
--#~ msgid ""
--#~ "How long to retain a connection to the LDAP server before disconnecting"
--#~ msgstr ""
--#~ "Combien de temps conserver la connexion au serveur LDAP avant de se "
--#~ "déconnecter"
-+#: src/tools/sss_cache.c:752
-+msgid "Invalidate particular sudo rule"
-+msgstr "Invalider une règle sudo particulière"
-
--#~ msgid "Disable the LDAP paging control"
--#~ msgstr "Désactiver le contrôle des pages LDAP"
-+#: src/tools/sss_cache.c:754
-+msgid "Invalidate all cached sudo rules"
-+msgstr "Invalider toutes les règles sudo en cache"
-
--#~ msgid "Disable Active Directory range retrieval"
--#~ msgstr "Désactiver la récupération de plage Active Directory."
-+#: src/tools/sss_cache.c:757
-+msgid "Only invalidate entries from a particular domain"
-+msgstr "N'invalider des entrées que d'un domaine spécifique"
-
--#~ msgid "Length of time to wait for a search request"
--#~ msgstr "Durée d'attente pour une requête de recherche"
-+#: src/tools/sss_cache.c:811
-+msgid ""
-+"Unexpected argument(s) provided, options that invalidate a single object "
-+"only accept a single provided argument.\n"
-+msgstr ""
-+"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet "
-+"n'acceptent qu'un seul argument fourni.\n"
-
--#~ msgid "Length of time to wait for a enumeration request"
--#~ msgstr "Durée d'attente pour une requête d'énumération"
-+#: src/tools/sss_cache.c:821
-+msgid "Please select at least one object to invalidate\n"
-+msgstr "Merci de sélectionner au moins un objet à invalider\n"
-
--#~ msgid "Length of time between enumeration updates"
--#~ msgstr "Durée entre deux mises à jour d'énumération"
-+#: src/tools/sss_cache.c:904
-+#, c-format
-+msgid ""
-+"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
-+"use fully qualified name instead of --domain/-d parameter.\n"
-+msgstr ""
-+"Impossible d'ouvrir le domaine %1$s. Si le domaine est un sous-domaine "
-+"(domaine approuvé), utiliser le nom pleinement qualifié au lieu du paramètre "
-+"--domain/-d.\n"
-
--#~ msgid "Length of time between cache cleanups"
--#~ msgstr "Durée entre les nettoyages de cache"
-+#: src/tools/sss_cache.c:909
-+msgid "Could not open available domains\n"
-+msgstr "Impossible d'ouvrir aucun des domaines disponibles\n"
-
--#~ msgid "Require TLS for ID lookups"
--#~ msgstr "TLS est requis pour les recherches d'identifiants"
-+#: src/tools/tools_util.c:202
-+#, c-format
-+msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
-+msgstr ""
-+"Le nom « %1$s » ne semble pas être un FQDN (« %2$s = TRUE » est configuré)\n"
-
--#~ msgid "Use ID-mapping of objectSID instead of pre-set IDs"
--#~ msgstr ""
--#~ "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
--#~ "établis"
-+#: src/tools/tools_util.c:309
-+msgid "Out of memory\n"
-+msgstr "Mémoire saturée\n"
-
--#~ msgid "Base DN for user lookups"
--#~ msgstr "Base DN pour les recherches d'utilisateurs"
-+#: src/tools/tools_util.h:40
-+#, c-format
-+msgid "%1$s must be run as root\n"
-+msgstr "%1$s doit être lancé en tant que root\n"
-
--#~ msgid "Scope of user lookups"
--#~ msgstr "Scope des recherches d'utilisateurs"
-+#: src/tools/sssctl/sssctl.c:35
-+msgid "yes"
-+msgstr "oui"
-
--#~ msgid "Filter for user lookups"
--#~ msgstr "Filtre pour les recherches d'utilisateurs"
-+#: src/tools/sssctl/sssctl.c:37
-+msgid "no"
-+msgstr "non"
-
--#~ msgid "Objectclass for users"
--#~ msgstr "Classe d'objet pour les utilisateurs"
-+#: src/tools/sssctl/sssctl.c:39
-+msgid "error"
-+msgstr "erreur"
-
--#~ msgid "Username attribute"
--#~ msgstr "Attribut de nom d'utilisateur"
-+#: src/tools/sssctl/sssctl.c:42
-+msgid "Invalid result."
-+msgstr "Résultat non valide."
-
--#~ msgid "UID attribute"
--#~ msgstr "Attribut UID"
-+#: src/tools/sssctl/sssctl.c:78
-+msgid "Unable to read user input\n"
-+msgstr "Impossible de lire l'entrée de l'utilisateur\n"
-
--#~ msgid "Primary GID attribute"
--#~ msgstr "Attribut de GID primaire"
-+#: src/tools/sssctl/sssctl.c:91
-+#, c-format
-+msgid "Invalid input, please provide either '%s' or '%s'.\n"
-+msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
-
--#~ msgid "GECOS attribute"
--#~ msgstr "Attribut GECOS"
-+#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
-+msgid "Error while executing external command\n"
-+msgstr "Erreur lors de l'exécution d'une commande externe\n"
-
--#~ msgid "Home directory attribute"
--#~ msgstr "Attribut de répertoire utilisateur"
-+#: src/tools/sssctl/sssctl.c:156
-+msgid "SSSD needs to be running. Start SSSD now?"
-+msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?"
-
--#~ msgid "Shell attribute"
--#~ msgstr "Attribut d'interpréteur de commandes"
-+#: src/tools/sssctl/sssctl.c:195
-+msgid "SSSD must not be running. Stop SSSD now?"
-+msgstr ""
-+"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?"
-
--#~ msgid "UUID attribute"
--#~ msgstr "attribut UUID"
-+#: src/tools/sssctl/sssctl.c:231
-+msgid "SSSD needs to be restarted. Restart SSSD now?"
-+msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?"
-
--#~ msgid "objectSID attribute"
--#~ msgstr "attribut objectSID"
-+#: src/tools/sssctl/sssctl_cache.c:31
-+#, c-format
-+msgid " %s is not present in cache.\n"
-+msgstr " %s n'est pas présent dans le cache.\n"
-
--#~ msgid "Active Directory primary group attribute for ID-mapping"
--#~ msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_cache.c:33
-+msgid "Name"
-+msgstr "Nom"
-
--#~ msgid "User principal attribute (for Kerberos)"
--#~ msgstr "Attribut d'utilisateur principal (pour Kerberos)"
-+#: src/tools/sssctl/sssctl_cache.c:34
-+msgid "Cache entry creation date"
-+msgstr "Date de création de l'entrée en cache"
-
--#~ msgid "Full Name"
--#~ msgstr "Nom complet"
-+#: src/tools/sssctl/sssctl_cache.c:35
-+msgid "Cache entry last update time"
-+msgstr "Heure de la dernière mise à jour de l'entrée du cache"
-
--#~ msgid "memberOf attribute"
--#~ msgstr "Attribut memberOf"
-+#: src/tools/sssctl/sssctl_cache.c:36
-+msgid "Cache entry expiration time"
-+msgstr "Temps d'expiration de l'entrée du cache"
-
--#~ msgid "Modification time attribute"
--#~ msgstr "Attribut de date de modification"
-+#: src/tools/sssctl/sssctl_cache.c:37
-+msgid "Cached in InfoPipe"
-+msgstr "Mise en cache dans InfoPipe"
-
--#~ msgid "shadowLastChange attribute"
--#~ msgstr "Attribut shadowLastChange"
-+#: src/tools/sssctl/sssctl_cache.c:522
-+#, c-format
-+msgid "Error: Unable to get object [%d]: %s\n"
-+msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n"
-
--#~ msgid "shadowMin attribute"
--#~ msgstr "Attribut shadowMin"
-+#: src/tools/sssctl/sssctl_cache.c:538
-+#, c-format
-+msgid "%s: Unable to read value [%d]: %s\n"
-+msgstr "%s: Impossible de lire la valeur [%d] : %s\n"
-
--#~ msgid "shadowMax attribute"
--#~ msgstr "Attribut shadowMax"
-+#: src/tools/sssctl/sssctl_cache.c:566
-+msgid "Specify name."
-+msgstr "Indiquez le nom."
-
--#~ msgid "shadowWarning attribute"
--#~ msgstr "Attribut shadowWarning"
-+#: src/tools/sssctl/sssctl_cache.c:576
-+#, c-format
-+msgid "Unable to parse name %s.\n"
-+msgstr "Impossible d'analyser le nom %s.\n"
-
--#~ msgid "shadowInactive attribute"
--#~ msgstr "Attribut shadowInactive"
-+#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
-+msgid "Search by SID"
-+msgstr "Recherche par SID"
-
--#~ msgid "shadowExpire attribute"
--#~ msgstr "Attribut shadowExpire"
-+#: src/tools/sssctl/sssctl_cache.c:603
-+msgid "Search by user ID"
-+msgstr "Recherche par ID utilisateur"
-
--#~ msgid "shadowFlag attribute"
--#~ msgstr "Attribut shadowFlag"
-+#: src/tools/sssctl/sssctl_cache.c:612
-+msgid "Initgroups expiration time"
-+msgstr "Délai d'expiration des initgroups"
-
--#~ msgid "Attribute listing authorized PAM services"
--#~ msgstr "Attribut listant les services PAM autorisés"
-+#: src/tools/sssctl/sssctl_cache.c:650
-+msgid "Search by group ID"
-+msgstr "Recherche par ID de groupe"
-
--#~ msgid "Attribute listing authorized server hosts"
--#~ msgstr "Attribut listant les hôtes de serveurs autorisés"
-+#: src/tools/sssctl/sssctl_config.c:112
-+#, c-format
-+msgid "Failed to open %s\n"
-+msgstr "N’a pas pu ouvrir %s\n"
-
--#~ msgid "Attribute listing authorized server rhosts"
--#~ msgstr "Attribut listant les rhosts de serveurs autorisés"
-+#: src/tools/sssctl/sssctl_config.c:117
-+#, c-format
-+msgid "File %1$s does not exist.\n"
-+msgstr "Le fichier %1$s n’existe pas.\n"
-
--#~ msgid "krbLastPwdChange attribute"
--#~ msgstr "Attribut krbLastPwdChange"
-+#: src/tools/sssctl/sssctl_config.c:121
-+msgid ""
-+"File ownership and permissions check failed. Expected root:root and 0600.\n"
-+msgstr ""
-+"La vérification de la propriété et des permissions des fichiers a échoué. "
-+"Attendue : root:root et 0600.\n"
-
--#~ msgid "krbPasswordExpiration attribute"
--#~ msgstr "Attribut krbPasswordExpiration"
-+#: src/tools/sssctl/sssctl_config.c:127
-+#, c-format
-+msgid "Failed to load configuration from %s.\n"
-+msgstr ""
-
--#~ msgid "Attribute indicating that server side password policies are active"
--#~ msgstr ""
--#~ "Attribut indiquant que la stratégie de mot de passe du serveur est active"
-+#: src/tools/sssctl/sssctl_config.c:133
-+msgid "Error while reading configuration directory.\n"
-+msgstr "Erreur lors de la lecture du répertoire de configuration.\n"
-
--#~ msgid "accountExpires attribute of AD"
--#~ msgstr "Attribut AD accountExpires"
-+#: src/tools/sssctl/sssctl_config.c:141
-+msgid ""
-+"There is no configuration. SSSD will use default configuration with files "
-+"provider.\n"
-+msgstr ""
-+"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut "
-+"avec le fournisseur de fichiers.\n"
-
--#~ msgid "userAccountControl attribute of AD"
--#~ msgstr "Attribut AD userAccountControl"
-+#: src/tools/sssctl/sssctl_config.c:153
-+msgid "Failed to run validators"
-+msgstr "Échec de l'exécution des validateurs"
-
--#~ msgid "nsAccountLock attribute"
--#~ msgstr "Attribut nsAccountLock"
-+#: src/tools/sssctl/sssctl_config.c:157
-+#, c-format
-+msgid "Issues identified by validators: %zu\n"
-+msgstr "Problèmes identifiés par les validateurs : %zu\n"
-
--#~ msgid "loginDisabled attribute of NDS"
--#~ msgstr "Attribut NDS loginDisabled"
-+#: src/tools/sssctl/sssctl_config.c:168
-+#, c-format
-+msgid "Messages generated during configuration merging: %zu\n"
-+msgstr "Messages générés lors de la fusion des configurations : %zu\n"
-
--#~ msgid "loginExpirationTime attribute of NDS"
--#~ msgstr "Attribut NDS loginExpirationTime"
-+#: src/tools/sssctl/sssctl_config.c:179
-+#, c-format
-+msgid "Used configuration snippet files: %zu\n"
-+msgstr "Fichiers de configuration utilisés : %zu\n"
-
--#~ msgid "loginAllowedTimeMap attribute of NDS"
--#~ msgstr "Attribut NDS loginAllowedTimeMap"
-+#: src/tools/sssctl/sssctl_data.c:89
-+#, c-format
-+msgid "Unable to create backup directory [%d]: %s"
-+msgstr "Impossible de créer le répertoire de sauvegarde [%d]: %s"
-
--#~ msgid "SSH public key attribute"
--#~ msgstr "Attribut de clé public SSH"
-+#: src/tools/sssctl/sssctl_data.c:95
-+msgid "SSSD backup of local data already exists, override?"
-+msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?"
-
--#~ msgid "attribute listing allowed authentication types for a user"
--#~ msgstr ""
--#~ "attribut énumérant les types d'authentification autorisés pour un "
--#~ "utilisateur"
-+#: src/tools/sssctl/sssctl_data.c:111
-+msgid "Unable to export user overrides\n"
-+msgstr "Impossible d'exporter les substitutions d'utilisateur\n"
-
--#~ msgid "attribute containing the X509 certificate of the user"
--#~ msgstr "attribut contenant le certificat X509 de l'utilisateur"
-+#: src/tools/sssctl/sssctl_data.c:118
-+msgid "Unable to export group overrides\n"
-+msgstr "Impossible d'exporter les substitutions de groupes\n"
-
--#~ msgid "attribute containing the email address of the user"
--#~ msgstr "attribut contenant l’adresse email de l'utilisateur"
-+#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
-+msgid "Override existing backup"
-+msgstr "Remplacer la sauvegarde existante"
-
--#~ msgid "A list of extra attributes to download along with the user entry"
--#~ msgstr ""
--#~ "Une liste des attributs supplémentaires à télécharger avec l'entrée de "
--#~ "l'utilisateur"
-+#: src/tools/sssctl/sssctl_data.c:164
-+msgid "Unable to import user overrides\n"
-+msgstr "Impossible d'importer les substitutions d'utilisateur\n"
-
--#~ msgid "Base DN for group lookups"
--#~ msgstr "DN de base pour les recherches de groupes"
-+#: src/tools/sssctl/sssctl_data.c:173
-+msgid "Unable to import group overrides\n"
-+msgstr "Impossible d'importer les substitutions de groupes\n"
-
--#~ msgid "Objectclass for groups"
--#~ msgstr "Classe d'objet pour les groupes"
-+#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
-+#: src/tools/sssctl/sssctl_domains.c:328
-+msgid "Start SSSD if it is not running"
-+msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution"
-
--#~ msgid "Group name"
--#~ msgstr "Nom du groupe"
-+#: src/tools/sssctl/sssctl_data.c:195
-+msgid "Restart SSSD after data import"
-+msgstr "Redémarrer SSSD après l'importation des données"
-
--#~ msgid "Group password"
--#~ msgstr "Mot de passe du groupe"
-+#: src/tools/sssctl/sssctl_data.c:218
-+msgid "Create clean cache files and import local data"
-+msgstr "Créer des fichiers de cache propres et importer des données locales"
-
--#~ msgid "GID attribute"
--#~ msgstr "Attribut GID"
-+#: src/tools/sssctl/sssctl_data.c:219
-+msgid "Stop SSSD before removing the cache"
-+msgstr "Arrêtez SSSD avant de supprimer le cache"
-
--#~ msgid "Group member attribute"
--#~ msgstr "Attribut membre du groupe"
-+#: src/tools/sssctl/sssctl_data.c:220
-+msgid "Start SSSD when the cache is removed"
-+msgstr "Démarrer SSSD lorsque le cache est supprimé"
-
--#~ msgid "Group UUID attribute"
--#~ msgstr "attribut de l'UUID du groupe"
-+#: src/tools/sssctl/sssctl_data.c:235
-+msgid "Creating backup of local data...\n"
-+msgstr "Création d'une sauvegarde des données locales...\n"
-
--#~ msgid "Modification time attribute for groups"
--#~ msgstr "Attribut de date de modification pour les groupes"
-+#: src/tools/sssctl/sssctl_data.c:238
-+msgid "Unable to create backup of local data, can not remove the cache.\n"
-+msgstr ""
-+"Impossible de créer une sauvegarde des données locales, impossible de "
-+"supprimer le cache.\n"
-
--#~ msgid "Type of the group and other flags"
--#~ msgstr "Type de groupe et autres indicateurs"
-+#: src/tools/sssctl/sssctl_data.c:243
-+msgid "Removing cache files...\n"
-+msgstr "Suppression des fichiers de cache...\n"
-
--#~ msgid "The LDAP group external member attribute"
--#~ msgstr "L'attribut de membre externe du groupe LDAP"
-+#: src/tools/sssctl/sssctl_data.c:246
-+msgid "Unable to remove cache files\n"
-+msgstr "Impossible de supprimer les fichiers de cache\n"
-
--#~ msgid "Maximum nesting level SSSD will follow"
--#~ msgstr "Le niveau d'imbrication maximal du SSSD suivra"
-+#: src/tools/sssctl/sssctl_data.c:251
-+msgid "Restoring local data...\n"
-+msgstr "Restauration des données locales...\n"
-
--#~ msgid "Base DN for netgroup lookups"
--#~ msgstr "DN de base pour les recherches de netgroup"
-+#: src/tools/sssctl/sssctl_domains.c:83
-+msgid "Show domain list including primary or trusted domain type"
-+msgstr ""
-+"Afficher la liste des domaines, y compris le type de domaine principal ou de "
-+"confiance"
-
--#~ msgid "Objectclass for netgroups"
--#~ msgstr "Classe d'objet pour les groupes réseau"
-+#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
-+#: src/tools/sssctl/sssctl_user_checks.c:95
-+msgid "Unable to connect to system bus!\n"
-+msgstr "Impossible de se connecter au bus système !\n"
-
--#~ msgid "Netgroup name"
--#~ msgstr "Nom du groupe réseau"
-+#: src/tools/sssctl/sssctl_domains.c:167
-+msgid "Online"
-+msgstr "En ligne"
-
--#~ msgid "Netgroups members attribute"
--#~ msgstr "Attribut des membres des groupes réseau"
-+#: src/tools/sssctl/sssctl_domains.c:167
-+msgid "Offline"
-+msgstr "Hors ligne"
-
--#~ msgid "Netgroup triple attribute"
--#~ msgstr "Attribut triplet du groupe réseau"
-+#: src/tools/sssctl/sssctl_domains.c:167
-+#, c-format
-+msgid "Online status: %s\n"
-+msgstr "Statut en ligne : %s\n"
-
--#~ msgid "Modification time attribute for netgroups"
--#~ msgstr "Attribut date de modification pour les groupes réseau"
-+#: src/tools/sssctl/sssctl_domains.c:213
-+msgid "This domain has no active servers.\n"
-+msgstr "Ce domaine n'a pas de serveurs actifs.\n"
-
--#~ msgid "Base DN for service lookups"
--#~ msgstr "Nom de domaine (DN) de base pour les recherches de service"
-+#: src/tools/sssctl/sssctl_domains.c:218
-+msgid "Active servers:\n"
-+msgstr "Serveurs actifs :\n"
-
--#~ msgid "Objectclass for services"
--#~ msgstr "Classe objet pour les services"
-+#: src/tools/sssctl/sssctl_domains.c:230
-+msgid "not connected"
-+msgstr "non connecté"
-
--#~ msgid "Service name attribute"
--#~ msgstr "Attribut de nom de service"
-+#: src/tools/sssctl/sssctl_domains.c:267
-+msgid "No servers discovered.\n"
-+msgstr "Aucun serveur découvert.\n"
-
--#~ msgid "Service port attribute"
--#~ msgstr "Attribut de port du service"
-+#: src/tools/sssctl/sssctl_domains.c:273
-+#, c-format
-+msgid "Discovered %s servers:\n"
-+msgstr "%s serveurs découverts :\n"
-
--#~ msgid "Service protocol attribute"
--#~ msgstr "Attribut de service du protocole"
-+#: src/tools/sssctl/sssctl_domains.c:285
-+msgid "None so far.\n"
-+msgstr "Aucun pour l'instant.\n"
-
--#~ msgid "Lower bound for ID-mapping"
--#~ msgstr "Limite inférieure pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_domains.c:325
-+msgid "Show online status"
-+msgstr "Afficher le statut en ligne"
-
--#~ msgid "Upper bound for ID-mapping"
--#~ msgstr "Limite supérieure pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_domains.c:326
-+msgid "Show information about active server"
-+msgstr "Afficher les informations sur le serveur actif"
-
--#~ msgid "Number of IDs for each slice when ID-mapping"
--#~ msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_domains.c:327
-+msgid "Show list of discovered servers"
-+msgstr "Afficher la liste des serveurs découverts"
-
--#~ msgid "Use autorid-compatible algorithm for ID-mapping"
--#~ msgstr ""
--#~ "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_domains.c:333
-+msgid "Specify domain name."
-+msgstr "Indiquer le nom de domaine."
-
--#~ msgid "Name of the default domain for ID-mapping"
--#~ msgstr "Nom du domaine par défaut pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_domains.c:355
-+msgid "Out of memory!\n"
-+msgstr "Plus de mémoire disponible !\n"
-
--#~ msgid "SID of the default domain for ID-mapping"
--#~ msgstr "SID du domaine par défaut pour la correspondance d'ID"
-+#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
-+msgid "Unable to get online status\n"
-+msgstr "Impossible d'obtenir le statut en ligne\n"
-
--#~ msgid "Number of secondary slices"
--#~ msgstr "Nombre de tranches secondaires"
-+#: src/tools/sssctl/sssctl_domains.c:395
-+msgid "Unable to get server list\n"
-+msgstr "Impossible d'obtenir la liste des serveurs\n"
-
--#~ msgid "Whether to use Token-Groups"
--#~ msgstr "Choisir d'utiliser ou non les groupes de jetons"
-+#: src/tools/sssctl/sssctl_logs.c:46
-+msgid "\n"
-+msgstr "\n"
-
--#~ msgid "Set lower boundary for allowed IDs from the LDAP server"
--#~ msgstr ""
--#~ "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
-+#: src/tools/sssctl/sssctl_logs.c:236
-+msgid "Delete log files instead of truncating"
-+msgstr "Supprimer les fichiers de log au lieu de tronquer"
-
--#~ msgid "Set upper boundary for allowed IDs from the LDAP server"
--#~ msgstr ""
--#~ "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
-+#: src/tools/sssctl/sssctl_logs.c:247
-+msgid "Deleting log files...\n"
-+msgstr "Suppression des fichiers journaux...\n"
-
--#~ msgid "DN for ppolicy queries"
--#~ msgstr "DN pour les requêtes sur ppolicy"
-+#: src/tools/sssctl/sssctl_logs.c:250
-+msgid "Unable to remove log files\n"
-+msgstr "Impossible de supprimer les fichiers journaux\n"
-
--#~ msgid "How many maximum entries to fetch during a wildcard request"
--#~ msgstr ""
--#~ "Combien d'entrées maximum à récupérer lors d'une demande de wildcard"
-+#: src/tools/sssctl/sssctl_logs.c:256
-+msgid "Truncating log files...\n"
-+msgstr "Troncature des fichiers de journalisation...\n"
-
--#~ msgid "Policy to evaluate the password expiration"
--#~ msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
-+#: src/tools/sssctl/sssctl_logs.c:259
-+msgid "Unable to truncate log files\n"
-+msgstr "Impossible de tronquer les fichiers de journalisation\n"
-
--#~ msgid "Which attributes shall be used to evaluate if an account is expired"
--#~ msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
-+#: src/tools/sssctl/sssctl_logs.c:285
-+msgid "Out of memory!"
-+msgstr "Plus de mémoire disponible !"
-
--#~ msgid "Which rules should be used to evaluate access control"
--#~ msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
-+#: src/tools/sssctl/sssctl_logs.c:288
-+#, c-format
-+msgid "Archiving log files into %s...\n"
-+msgstr "Archivage des fichiers journaux dans %s...\n"
-
--#~ msgid "URI of an LDAP server where password changes are allowed"
--#~ msgstr ""
--#~ "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
-+#: src/tools/sssctl/sssctl_logs.c:291
-+msgid "Unable to archive log files\n"
-+msgstr "Impossible d'archiver les fichiers journaux\n"
-
--#~ msgid "URI of a backup LDAP server where password changes are allowed"
--#~ msgstr ""
--#~ "URI d'un serveur LDAP de secours où sont autorisées les modifications de "
--#~ "mot de passe"
-+#: src/tools/sssctl/sssctl_logs.c:316
-+msgid "Specify debug level you want to set"
-+msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
-
--#~ msgid "DNS service name for LDAP password change server"
--#~ msgstr ""
--#~ "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
-+#: src/tools/sssctl/sssctl_user_checks.c:117
-+msgid "SSSD InfoPipe user lookup result:\n"
-+msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n"
-
--#~ msgid ""
--#~ "Whether to update the ldap_user_shadow_last_change attribute after a "
--#~ "password change"
--#~ msgstr ""
--#~ "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
--#~ "changement de mot de passe"
-+#: src/tools/sssctl/sssctl_user_checks.c:167
-+#, c-format
-+msgid "dlopen failed with [%s].\n"
-+msgstr "dlopen a échoué avec [%s].\n"
-
--#~ msgid "Base DN for sudo rules lookups"
--#~ msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:174
-+#, c-format
-+msgid "dlsym failed with [%s].\n"
-+msgstr "dlopen a échoué avec [%s].\n"
-
--#~ msgid "Automatic full refresh period"
--#~ msgstr "Périodicité de rafraichissement total"
-+#: src/tools/sssctl/sssctl_user_checks.c:182
-+msgid "malloc failed.\n"
-+msgstr "malloc a échoué.\n"
-
--#~ msgid "Automatic smart refresh period"
--#~ msgstr "Périodicité de rafraichissement intelligent"
-+#: src/tools/sssctl/sssctl_user_checks.c:189
-+#, c-format
-+msgid "sss_getpwnam_r failed with [%d].\n"
-+msgstr "sss_getpwnam_r a échoué avec [%d].\n"
-
--#~ msgid "Whether to filter rules by hostname, IP addresses and network"
--#~ msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
-+#: src/tools/sssctl/sssctl_user_checks.c:194
-+msgid "SSSD nss user lookup result:\n"
-+msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n"
-
--#~ msgid ""
--#~ "Hostnames and/or fully qualified domain names of this machine to filter "
--#~ "sudo rules"
--#~ msgstr ""
--#~ "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
--#~ "filtrer les règles sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:195
-+#, c-format
-+msgid " - user name: %s\n"
-+msgstr " - user name: %s\n"
-
--#~ msgid ""
--#~ "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
--#~ msgstr ""
--#~ "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
--#~ "sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:196
-+#, c-format
-+msgid " - user id: %d\n"
-+msgstr " - user id: %d\n"
-
--#~ msgid "Whether to include rules that contains netgroup in host attribute"
--#~ msgstr ""
--#~ "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
-+#: src/tools/sssctl/sssctl_user_checks.c:197
-+#, c-format
-+msgid " - group id: %d\n"
-+msgstr " - group id: %d\n"
-
--#~ msgid ""
--#~ "Whether to include rules that contains regular expression in host "
--#~ "attribute"
--#~ msgstr ""
--#~ "Inclure ou non les règles qui contiennent une expression rationnelle dans "
--#~ "l'attribut host"
-+#: src/tools/sssctl/sssctl_user_checks.c:198
-+#, c-format
-+msgid " - gecos: %s\n"
-+msgstr " - gecos: %s\n"
-
--#~ msgid "Object class for sudo rules"
--#~ msgstr "Classe objet pour les règles sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:199
-+#, c-format
-+msgid " - home directory: %s\n"
-+msgstr " - home directory: %s\n"
-
--#~ msgid "Name of attribute that is used as object class for sudo rules"
--#~ msgstr ""
--#~ "Nom de l'attribut qui est utilisé comme classe d'objet pour les règles "
--#~ "sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:200
-+#, c-format
-+msgid " - shell: %s\n"
-+"\n"
-+msgstr " - shell: %s\n"
-+"\n"
-
--#~ msgid "Sudo rule name"
--#~ msgstr "Règle de nom sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:232
-+msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
-+msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : "
-
--#~ msgid "Sudo rule command attribute"
--#~ msgstr "Attribut de commande de règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:235
-+msgid "PAM service, default: "
-+msgstr "Service PAM, par défaut : "
-
--#~ msgid "Sudo rule host attribute"
--#~ msgstr "Attribut hôte de la règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:240
-+msgid "Specify user name."
-+msgstr "Spécifiez le nom d'utilisateur."
-
--#~ msgid "Sudo rule user attribute"
--#~ msgstr "Attribut utilisateur de la règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:247
-+#, c-format
-+msgid "user: %s\n"
-+"action: %s\n"
-+"service: %s\n"
-+"\n"
-+msgstr "utilisateur: %s\n"
-+"action: %s\n"
-+"service: %s\n"
-+"\n"
-
--#~ msgid "Sudo rule option attribute"
--#~ msgstr "Attribut option de la règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:252
-+#, c-format
-+msgid "User name lookup with [%s] failed.\n"
-+msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n"
-
--#~ msgid "Sudo rule runas attribute"
--#~ msgstr "Attribut de règle sudo runas"
-+#: src/tools/sssctl/sssctl_user_checks.c:257
-+#, c-format
-+msgid "InfoPipe User lookup with [%s] failed.\n"
-+msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n"
-
--#~ msgid "Sudo rule runasuser attribute"
--#~ msgstr "Attribut runasuser de la règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:263
-+#, c-format
-+msgid "pam_start failed: %s\n"
-+msgstr "pam_start a échoué : %s\n"
-
--#~ msgid "Sudo rule runasgroup attribute"
--#~ msgstr "Attribut runasgroup de la règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:268
-+msgid "testing pam_authenticate\n"
-+"\n"
-+msgstr "test de pam_authenticate\n"
-+"\n"
-
--#~ msgid "Sudo rule notbefore attribute"
--#~ msgstr "Attribut notbefore de la règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:272
-+#, c-format
-+msgid "pam_get_item failed: %s\n"
-+msgstr "pam_get_item a échoué : %s\n"
-
--#~ msgid "Sudo rule notafter attribute"
--#~ msgstr "Attribut notafter de règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:275
-+#, c-format
-+msgid "pam_authenticate for user [%s]: %s\n"
-+"\n"
-+msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n"
-
--#~ msgid "Sudo rule order attribute"
--#~ msgstr "Attribut d'ordre de règle sudo"
-+#: src/tools/sssctl/sssctl_user_checks.c:278
-+msgid "testing pam_chauthtok\n"
-+"\n"
-+msgstr "test pam_chauthtok\n"
-+"\n"
-
--#~ msgid "Object class for automounter maps"
--#~ msgstr "Classe objet pour la carte de montage automatique"
-+#: src/tools/sssctl/sssctl_user_checks.c:280
-+#, c-format
-+msgid "pam_chauthtok: %s\n"
-+"\n"
-+msgstr "pam_chauthtok: %s\n"
-+"\n"
-
--#~ msgid "Automounter map name attribute"
--#~ msgstr "Nom de l'attribut de carte de montage automatique"
-+#: src/tools/sssctl/sssctl_user_checks.c:282
-+msgid "testing pam_acct_mgmt\n"
-+"\n"
-+msgstr "test de pam_acct_mgmt\n"
-+"\n"
-
--#~ msgid "Object class for automounter map entries"
--#~ msgstr "Classe objet pour l'entrée de référence de montage automatique"
-+#: src/tools/sssctl/sssctl_user_checks.c:284
-+#, c-format
-+msgid "pam_acct_mgmt: %s\n"
-+"\n"
-+msgstr "pam_acct_mgmt: %s\n"
-+"\n"
-
--#~ msgid "Automounter map entry key attribute"
--#~ msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
-+#: src/tools/sssctl/sssctl_user_checks.c:286
-+msgid "testing pam_setcred\n"
-+"\n"
-+msgstr "test de pam_setcred\n"
-+"\n"
-
--#~ msgid "Automounter map entry value attribute"
--#~ msgstr "Attribut de valeur pour la carte de montage automatique"
-+#: src/tools/sssctl/sssctl_user_checks.c:288
-+#, c-format
-+msgid "pam_setcred: [%s]\n"
-+"\n"
-+msgstr "pam_setcred: [%s]\n"
-+"\n"
-
--#~ msgid "Base DN for automounter map lookups"
--#~ msgstr "Base DN pour les requêtes de carte de montage automatique"
-+#: src/tools/sssctl/sssctl_user_checks.c:290
-+msgid "testing pam_open_session\n"
-+"\n"
-+msgstr "test pam_open_session\n"
-+"\n"
-
--#~ msgid "Comma separated list of allowed users"
--#~ msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
-+#: src/tools/sssctl/sssctl_user_checks.c:292
-+#, c-format
-+msgid "pam_open_session: %s\n"
-+"\n"
-+msgstr "pam_open_session: %s\n"
-+"\n"
-
--#~ msgid "Comma separated list of prohibited users"
--#~ msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
-+#: src/tools/sssctl/sssctl_user_checks.c:294
-+msgid "testing pam_close_session\n"
-+"\n"
-+msgstr "test pam_close_session\n"
-+"\n"
-
--#~ msgid "Default shell, /bin/bash"
--#~ msgstr "Interpréteur de commande par défaut : /bin/bash"
-+#: src/tools/sssctl/sssctl_user_checks.c:296
-+#, c-format
-+msgid "pam_close_session: %s\n"
-+"\n"
-+msgstr "pam_close_session: %s\n"
-+"\n"
-
--#~ msgid "Base for home directories"
--#~ msgstr "Base pour les répertoires utilisateur"
-+#: src/tools/sssctl/sssctl_user_checks.c:298
-+msgid "unknown action\n"
-+msgstr "action inconnue\n"
-
--#~ msgid "The number of preforked proxy children."
--#~ msgstr "Le nombre d'enfants proxy pré-fourche."
-+#: src/tools/sssctl/sssctl_user_checks.c:301
-+msgid "PAM Environment:\n"
-+msgstr "Environnement PAM :\n"
-
--#~ msgid "The name of the NSS library to use"
--#~ msgstr "Nom de la bibliothèque NSS à utiliser"
-+#: src/tools/sssctl/sssctl_user_checks.c:309
-+msgid " - no env -\n"
-+msgstr " - no env -\n"
-
--#~ msgid "Whether to look up canonical group name from cache if possible"
--#~ msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
-+#: src/util/util.h:82
-+msgid "The user ID to run the server as"
-+msgstr "L'identifiant utilisateur sous lequel faire tourner le serveur"
-
--#~ msgid "PAM stack to use"
--#~ msgstr "Pile PAM à utiliser"
-+#: src/util/util.h:84
-+msgid "The group ID to run the server as"
-+msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
-
--#~ msgid "Path of passwd file sources."
--#~ msgstr "Chemin des sources des fichiers passwd."
-+#: src/util/util.h:92
-+msgid "Informs that the responder has been socket-activated"
-+msgstr "Informe que le répondeur a été activé par un socket"
-
--#~ msgid "Path of group file sources."
--#~ msgstr "Chemin des sources des fichiers de groupe."
-+#: src/util/util.h:94
-+msgid "Informs that the responder has been dbus-activated"
-+msgstr "Informe que le répondeur a été activé par un dbus"
-diff --git a/po/ja.po b/po/ja.po
-index 503ece1de..a5156184c 100644
---- a/po/ja.po
-+++ b/po/ja.po
-@@ -12,2597 +12,3161 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2020-05-19 12:05+0200\n"
--"PO-Revision-Date: 2020-05-19 10:06+0000\n"
--"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
--"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
--"ja/)\n"
--"Language: ja\n"
-+"POT-Creation-Date: 2020-06-17 22:51+0200\n"
- "MIME-Version: 1.0\n"
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
-+"PO-Revision-Date: 2020-06-18 09:13+0000\n"
-+"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
-+"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
-+"ja/)\n"
-+"Language: ja\n"
- "Plural-Forms: nplurals=1; plural=0;\n"
- "X-Generator: Zanata 4.6.2\n"
-
--#: src/monitor/monitor.c:2371
--msgid "Become a daemon (default)"
--msgstr "デーモンとして実行(デフォルト)"
-+#: src/config/SSSDConfig/sssdoptions.py:20
-+#: src/config/SSSDConfig/sssdoptions.py:21
-+msgid "Set the verbosity of the debug logging"
-+msgstr "デバッグのロギングの冗長性を設定する"
-
--#: src/monitor/monitor.c:2373
--msgid "Run interactive (not a daemon)"
--msgstr "対話的に実行(デーモンではない)"
-+#: src/config/SSSDConfig/sssdoptions.py:22
-+msgid "Include timestamps in debug logs"
-+msgstr "デバッグログにタイムスタンプを含める"
-
--#: src/monitor/monitor.c:2376
--msgid "Disable netlink interface"
--msgstr "netlink インターフェースを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:23
-+msgid "Include microseconds in timestamps in debug logs"
-+msgstr "デバッグログにミリ秒単位のタイムスタンプを含める"
-
--#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
--msgid "Specify a non-default config file"
--msgstr "非標準の設定ファイルの指定"
-+#: src/config/SSSDConfig/sssdoptions.py:24
-+msgid "Write debug messages to logfiles"
-+msgstr "デバッグメッセージをログファイルに書き込む"
-
--#: src/monitor/monitor.c:2380
--msgid "Refresh the configuration database, then exit"
--msgstr "設定データベースをリフレッシュし、その後終了します"
-+#: src/config/SSSDConfig/sssdoptions.py:25
-+msgid "Watchdog timeout before restarting service"
-+msgstr "サービス再起動前の Watchdog タイムアウト"
-
--#: src/monitor/monitor.c:2383
--msgid "Similar to --genconf, but only refreshes the given section"
--msgstr "--genconf と似ていますが、任意のセクションのみをリフレッシュします"
-+#: src/config/SSSDConfig/sssdoptions.py:26
-+msgid "Command to start service"
-+msgstr "サービス開始のコマンド"
-
--#: src/monitor/monitor.c:2386
--msgid "Print version number and exit"
--msgstr "バージョン番号を表示して終了する"
-+#: src/config/SSSDConfig/sssdoptions.py:27
-+msgid "Number of times to attempt connection to Data Providers"
-+msgstr "データプロバイダーの接続を試行する回数"
-
--#: src/monitor/monitor.c:2532
--msgid "SSSD is already running\n"
--msgstr "SSSD はすでに実行中です\n"
-+#: src/config/SSSDConfig/sssdoptions.py:28
-+msgid "The number of file descriptors that may be opened by this responder"
-+msgstr "このレスポンダーににより開かれるファイル記述子の数"
-
--#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
--msgid "Debug level"
--msgstr "デバッグレベル"
-+#: src/config/SSSDConfig/sssdoptions.py:29
-+msgid "Idle time before automatic disconnection of a client"
-+msgstr "クライアントの自動切断までのアイドル時間"
-
--#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
--msgid "Add debug timestamps"
--msgstr "デバッグのタイムスタンプを追加する"
-+#: src/config/SSSDConfig/sssdoptions.py:30
-+msgid "Idle time before automatic shutdown of the responder"
-+msgstr "レスポンダーの自動シャットダウンまでのアイドル時間"
-
--#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
--msgid "Show timestamps with microseconds"
--msgstr "タイムスタンプをミリ秒単位で表示する"
-+#: src/config/SSSDConfig/sssdoptions.py:31
-+msgid "Always query all the caches before querying the Data Providers"
-+msgstr "データプロバイダーをクエリーする前に、常にすべてのキャッシュをクエリーします"
-
--#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
--msgid "An open file descriptor for the debug logs"
--msgstr "デバッグログのオープンファイルディスクリプター"
-+#: src/config/SSSDConfig/sssdoptions.py:32
-+msgid ""
-+"When SSSD switches to offline mode the amount of time before it tries to go "
-+"back online will increase based upon the time spent disconnected. This value "
-+"is in seconds and calculated by the following: offline_timeout + "
-+"random_offset."
-+msgstr ""
-
--#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
--msgid "Send the debug output to stderr directly."
--msgstr "デバッグ出力を stderr に直接送信します。"
-+#: src/config/SSSDConfig/sssdoptions.py:38
-+msgid ""
-+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-+"version 2."
-+msgstr ""
-+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-+"version 2."
-
--#: src/providers/krb5/krb5_child.c:3245
--msgid "The user to create FAST ccache as"
--msgstr "次のように FAST ccache を作成するユーザー"
-+#: src/config/SSSDConfig/sssdoptions.py:39
-+msgid "SSSD Services to start"
-+msgstr "開始する SSSD サービス"
-
--#: src/providers/krb5/krb5_child.c:3247
--msgid "The group to create FAST ccache as"
--msgstr "次のように FAST ccache を作成するグループ"
-+#: src/config/SSSDConfig/sssdoptions.py:40
-+msgid "SSSD Domains to start"
-+msgstr "開始する SSSD ドメイン"
-
--#: src/providers/krb5/krb5_child.c:3249
--msgid "Kerberos realm to use"
--msgstr "使用する Kerberos レルム"
-+#: src/config/SSSDConfig/sssdoptions.py:41
-+msgid "Timeout for messages sent over the SBUS"
-+msgstr "SBUS 経由のメッセージ送信のタイムアウト"
-
--#: src/providers/krb5/krb5_child.c:3251
--msgid "Requested lifetime of the ticket"
--msgstr "チケットの要求された有効期間"
-+#: src/config/SSSDConfig/sssdoptions.py:42
-+msgid "Regex to parse username and domain"
-+msgstr "ユーザー名とドメインを構文解析する正規表現"
-
--#: src/providers/krb5/krb5_child.c:3253
--msgid "Requested renewable lifetime of the ticket"
--msgstr "チケットの要求された更新可能な有効期間"
-+#: src/config/SSSDConfig/sssdoptions.py:43
-+msgid "Printf-compatible format for displaying fully-qualified names"
-+msgstr "完全修飾名を表示するための printf 互換の形式"
-
--#: src/providers/krb5/krb5_child.c:3255
--msgid "FAST options ('never', 'try', 'demand')"
--msgstr "FAST のオプション ('never'、'try'、'demand')"
-+#: src/config/SSSDConfig/sssdoptions.py:44
-+msgid ""
-+"Directory on the filesystem where SSSD should store Kerberos replay cache "
-+"files."
-+msgstr "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレクトリーです。"
-
--#: src/providers/krb5/krb5_child.c:3258
--msgid "Specifies the server principal to use for FAST"
--msgstr "FAST で使用するサーバープリンシパルを指定します"
-+#: src/config/SSSDConfig/sssdoptions.py:45
-+msgid "Domain to add to names without a domain component."
-+msgstr "domain 要素なしで追加するドメインの名前。"
-
--#: src/providers/krb5/krb5_child.c:3260
--msgid "Requests canonicalization of the principal name"
--msgstr "プリンシパル名の正規化を要求します"
-+#: src/config/SSSDConfig/sssdoptions.py:46
-+msgid "The user to drop privileges to"
-+msgstr "ユーザーが特権を停止します"
-
--#: src/providers/krb5/krb5_child.c:3262
--msgid "Use custom version of krb5_get_init_creds_password"
--msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します"
-+#: src/config/SSSDConfig/sssdoptions.py:47
-+msgid "Tune certificate verification"
-+msgstr "証明書検証の調整"
-
--#: src/providers/data_provider_be.c:674
--msgid "Domain of the information provider (mandatory)"
--msgstr "情報プロバイダーのドメイン (必須)"
-+#: src/config/SSSDConfig/sssdoptions.py:48
-+msgid "All spaces in group or user names will be replaced with this character"
-+msgstr "グループ名またはユーザー名のすべてのスペースは、この文字に置き換えられます"
-
--#: src/sss_client/common.c:1079
--msgid "Privileged socket has wrong ownership or permissions."
--msgstr "特権ソケットの所有者またはパーミッションが誤っています。"
-+#: src/config/SSSDConfig/sssdoptions.py:49
-+msgid "Tune sssd to honor or ignore netlink state changes"
-+msgstr "SSSD を調整し、netlink の状態変更を尊重するか、または無視します"
-
--#: src/sss_client/common.c:1082
--msgid "Public socket has wrong ownership or permissions."
--msgstr "公開ソケットの所有者またはパーミッションが誤っています。"
-+#: src/config/SSSDConfig/sssdoptions.py:50
-+msgid "Enable or disable the implicit files domain"
-+msgstr "暗黙のファイルドメインを有効化または無効化する"
-
--#: src/sss_client/common.c:1085
--msgid "Unexpected format of the server credential message."
--msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。"
-+#: src/config/SSSDConfig/sssdoptions.py:51
-+msgid "A specific order of the domains to be looked up"
-+msgstr "検索するドメインの特定の順番"
-
--#: src/sss_client/common.c:1088
--msgid "SSSD is not run by root."
--msgstr "SSSD は root により実行されません。"
-+#: src/config/SSSDConfig/sssdoptions.py:52
-+msgid ""
-+"Controls if SSSD should monitor the state of resolv.conf to identify when it "
-+"needs to update its internal DNS resolver."
-+msgstr ""
-
--#: src/sss_client/common.c:1091
--msgid "SSSD socket does not exist."
--msgstr "SSSD ソケットは存在しません。"
-+#: src/config/SSSDConfig/sssdoptions.py:54
-+msgid ""
-+"SSSD monitors the state of resolv.conf to identify when it needs to update "
-+"its internal DNS resolver. By default, we will attempt to use inotify for "
-+"this, and will fall back to polling resolv.conf every five seconds if "
-+"inotify cannot be used."
-+msgstr ""
-+"SSSD monitors the state of resolv.conf to identify when it needs to update "
-+"its internal DNS resolver. By default, we will attempt to use inotify for "
-+"this, and will fall back to polling resolv.conf every five seconds if "
-+"inotify cannot be used."
-
--#: src/sss_client/common.c:1094
--msgid "Cannot get stat of SSSD socket."
--msgstr "SSSD ソケットの統計を取得できません。"
-+#: src/config/SSSDConfig/sssdoptions.py:59
-+msgid "Enumeration cache timeout length (seconds)"
-+msgstr "列挙キャッシュのタイムアウト(秒)"
-
--#: src/sss_client/common.c:1099
--msgid "An error occurred, but no description can be found."
--msgstr "エラーが発生しましたが、説明がありませんでした。"
-+#: src/config/SSSDConfig/sssdoptions.py:60
-+msgid "Entry cache background update timeout length (seconds)"
-+msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
-
--#: src/sss_client/common.c:1105
--msgid "Unexpected error while looking for an error description"
--msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
-+#: src/config/SSSDConfig/sssdoptions.py:61
-+#: src/config/SSSDConfig/sssdoptions.py:112
-+msgid "Negative cache timeout length (seconds)"
-+msgstr "ネガティブキャッシュのタイムアウト(秒)"
-
--#: src/sss_client/pam_sss.c:68
--msgid "Permission denied. "
--msgstr "パーミッションが拒否されました。"
-+#: src/config/SSSDConfig/sssdoptions.py:62
-+msgid "Files negative cache timeout length (seconds)"
-+msgstr "ファイルネガティブキャッシュのタイムアウト時間(秒)"
-
--#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
--#: src/sss_client/pam_sss.c:790
--msgid "Server message: "
--msgstr "サーバーのメッセージ: "
-+#: src/config/SSSDConfig/sssdoptions.py:63
-+msgid "Users that SSSD should explicitly ignore"
-+msgstr "SSSD が明示的に無視するユーザー"
-
--#: src/sss_client/pam_sss.c:297
--msgid "Passwords do not match"
--msgstr "パスワードが一致しません"
-+#: src/config/SSSDConfig/sssdoptions.py:64
-+msgid "Groups that SSSD should explicitly ignore"
-+msgstr "SSSD が明示的に無視するグループ"
-
--#: src/sss_client/pam_sss.c:485
--msgid "Password reset by root is not supported."
--msgstr "root によるパスワードのリセットはサポートされません。"
-+#: src/config/SSSDConfig/sssdoptions.py:65
-+msgid "Should filtered users appear in groups"
-+msgstr "フィルターされたユーザーをグループに表示する"
-
--#: src/sss_client/pam_sss.c:526
--msgid "Authenticated with cached credentials"
--msgstr "キャッシュされているクレデンシャルを用いて認証されました"
-+#: src/config/SSSDConfig/sssdoptions.py:66
-+msgid "The value of the password field the NSS provider should return"
-+msgstr "NSS プロバイダーが返すパスワード項目の値"
-
--#: src/sss_client/pam_sss.c:527
--msgid ", your cached password will expire at: "
--msgstr "、キャッシュされたパスワードが失効します: "
-+#: src/config/SSSDConfig/sssdoptions.py:67
-+msgid "Override homedir value from the identity provider with this value"
-+msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
-
--#: src/sss_client/pam_sss.c:557
--#, c-format
--msgid "Your password has expired. You have %1$d grace login(s) remaining."
--msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。"
-+#: src/config/SSSDConfig/sssdoptions.py:68
-+msgid ""
-+"Substitute empty homedir value from the identity provider with this value"
-+msgstr "アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き換えます"
-
--#: src/sss_client/pam_sss.c:603
--#, c-format
--msgid "Your password will expire in %1$d %2$s."
--msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。"
-+#: src/config/SSSDConfig/sssdoptions.py:69
-+msgid "Override shell value from the identity provider with this value"
-+msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします"
-
--#: src/sss_client/pam_sss.c:652
--msgid "Authentication is denied until: "
--msgstr "次まで認証が拒否されます: "
-+#: src/config/SSSDConfig/sssdoptions.py:70
-+msgid "The list of shells users are allowed to log in with"
-+msgstr "ユーザーがログインを許可されるシェルの一覧"
-
--#: src/sss_client/pam_sss.c:673
--msgid "System is offline, password change not possible"
--msgstr "システムがオフラインです、パスワード変更ができません"
-+#: src/config/SSSDConfig/sssdoptions.py:71
-+msgid ""
-+"The list of shells that will be vetoed, and replaced with the fallback shell"
-+msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
-
--#: src/sss_client/pam_sss.c:688
-+#: src/config/SSSDConfig/sssdoptions.py:72
- msgid ""
--"After changing the OTP password, you need to log out and back in order to "
--"acquire a ticket"
-+"If a shell stored in central directory is allowed but not available, use "
-+"this fallback"
-+msgstr "中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、このフォールバックを使用する"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:73
-+msgid "Shell to use if the provider does not list one"
-+msgstr "プロバイダーが一覧に持っていないとき使用するシェル"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:74
-+msgid "How long will be in-memory cache records valid"
-+msgstr "メモリー内のキャッシュレコードが有効な期間"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:75
-+msgid ""
-+"The value of this option will be used in the expansion of the "
-+"override_homedir option if the template contains the format string %H."
- msgstr ""
--"OTP パスワードの変更後、チケットを取得するためにログアウト後に再びログインす"
--"る必要があります"
-
--#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
--msgid "Password change failed. "
--msgstr "パスワードの変更に失敗しました。"
-+#: src/config/SSSDConfig/sssdoptions.py:77
-+msgid ""
-+"Specifies time in seconds for which the list of subdomains will be "
-+"considered valid."
-+msgstr ""
-
--#: src/sss_client/pam_sss.c:2008
--msgid "New Password: "
--msgstr "新しいパスワード: "
-+#: src/config/SSSDConfig/sssdoptions.py:79
-+msgid ""
-+"The entry cache can be set to automatically update entries in the background "
-+"if they are requested beyond a percentage of the entry_cache_timeout value "
-+"for the domain."
-+msgstr ""
-+"The entry cache can be set to automatically update entries in the background "
-+"if they are requested beyond a percentage of the entry_cache_timeout value "
-+"for the domain."
-
--#: src/sss_client/pam_sss.c:2009
--msgid "Reenter new Password: "
--msgstr "新しいパスワードの再入力: "
-+#: src/config/SSSDConfig/sssdoptions.py:84
-+msgid "How long to allow cached logins between online logins (days)"
-+msgstr "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
-
--#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
--msgid "First Factor: "
--msgstr "1 番目の要素: "
-+#: src/config/SSSDConfig/sssdoptions.py:85
-+msgid "How many failed logins attempts are allowed when offline"
-+msgstr "オフラインの時に許容されるログイン試行失敗回数"
-
--#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
--msgid "Second Factor (optional): "
--msgstr "2 番目の要素 (オプション): "
-+#: src/config/SSSDConfig/sssdoptions.py:87
-+msgid ""
-+"How long (minutes) to deny login after offline_failed_login_attempts has "
-+"been reached"
-+msgstr "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
-
--#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
--msgid "Second Factor: "
--msgstr "2 番目の要素: "
-+#: src/config/SSSDConfig/sssdoptions.py:88
-+msgid "What kind of messages are displayed to the user during authentication"
-+msgstr "認証中にユーザーに表示されるメッセージの種類"
-
--#: src/sss_client/pam_sss.c:2190
--msgid "Password: "
--msgstr "パスワード: "
-+#: src/config/SSSDConfig/sssdoptions.py:89
-+msgid "Filter PAM responses sent to the pam_sss"
-+msgstr "pam_sss へ送信された PAM のレスポンスをフィルタリングします"
-
--#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
--msgid "First Factor (Current Password): "
--msgstr "1 番目の要素 (現在のパスワード): "
-+#: src/config/SSSDConfig/sssdoptions.py:90
-+msgid "How many seconds to keep identity information cached for PAM requests"
-+msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
-
--#: src/sss_client/pam_sss.c:2349
--msgid "Current Password: "
--msgstr "現在のパスワード: "
-+#: src/config/SSSDConfig/sssdoptions.py:91
-+msgid "How many days before password expiration a warning should be displayed"
-+msgstr "警告が表示されるパスワード失効前の日数"
-
--#: src/sss_client/pam_sss.c:2704
--msgid "Password expired. Change your password now."
--msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
-+#: src/config/SSSDConfig/sssdoptions.py:92
-+msgid "List of trusted uids or user's name"
-+msgstr "信頼できる UID またはユーザー名の一覧"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
--#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
--#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
--#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
--#: src/tools/sss_cache.c:719
--msgid "The debug level to run with"
--msgstr "実行するデバッグレベル"
-+#: src/config/SSSDConfig/sssdoptions.py:93
-+msgid "List of domains accessible even for untrusted users."
-+msgstr "信頼できないユーザーでさえアクセス可能なドメインの一覧。"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
--msgid "The SSSD domain to use"
--msgstr "使用する SSSD ドメイン"
-+#: src/config/SSSDConfig/sssdoptions.py:94
-+msgid "Message printed when user account is expired."
-+msgstr "ユーザーアカウントの有効期限が切れると、メッセージが印刷されます。"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
--#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
--#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
--#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
--#: src/tools/sss_cache.c:765
--msgid "Error setting the locale\n"
--msgstr "ロケールの設定中にエラーが発生しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:95
-+msgid "Message printed when user account is locked."
-+msgstr "ユーザーアカウントがロックされると、メッセージが印刷されます。"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
--msgid "Not enough memory\n"
--msgstr "十分なメモリーがありません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:96
-+msgid "Allow certificate based/Smartcard authentication."
-+msgstr "証明書ベースまたはスマートカードによる認証を許可します。"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
--msgid "User not specified\n"
--msgstr "ユーザーが指定されていません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:97
-+msgid "Path to certificate database with PKCS#11 modules."
-+msgstr "PKCS#11 モジュールでの証明書データベースへのパス。"
-
--#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
--msgid "Error looking up public keys\n"
--msgstr "公開鍵の検索中にエラーが発生しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:98
-+msgid "How many seconds will pam_sss wait for p11_child to finish"
-+msgstr "p11_child が完了するまでに pam_sss が待つ秒数"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
--msgid "The port to use to connect to the host"
--msgstr "ホストへの接続に使用するポート"
-+#: src/config/SSSDConfig/sssdoptions.py:99
-+msgid "Which PAM services are permitted to contact application domains"
-+msgstr "アプリケーションドメインへの接続を許可される PAM サービスはどれか"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
--msgid "Print the host ssh public keys"
--msgstr "ホスト SSH 公開鍵を印刷"
-+#: src/config/SSSDConfig/sssdoptions.py:100
-+msgid "Allowed services for using smartcards"
-+msgstr "スマートカードの使用が許可されたサービス"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
--msgid "Invalid port\n"
--msgstr "無効なポート\n"
-+#: src/config/SSSDConfig/sssdoptions.py:101
-+msgid "Additional timeout to wait for a card if requested"
-+msgstr "要求された場合に、カードが待つ追加のタイムアウト"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
--msgid "Host not specified\n"
--msgstr "ホストが指定されていません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:102
-+msgid ""
-+"PKCS#11 URI to restrict the selection of devices for Smartcard "
-+"authentication"
-+msgstr "スマートカード認証向けのデバイスの選択を PKCS#11 URI が制限"
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
--msgid "The path to the proxy command must be absolute\n"
--msgstr "プロキシコマンドへのパスは絶対パスにする必要があります\n"
-+#: src/config/SSSDConfig/sssdoptions.py:103
-+msgid "When shall the PAM responder force an initgroups request"
-+msgstr ""
-
--#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
--#, c-format
--msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
--msgstr "sss_ssh_knownhostsproxy: ホスト名 %s を解決できませんでした\n"
-+#: src/config/SSSDConfig/sssdoptions.py:106
-+msgid "Whether to evaluate the time-based attributes in sudo rules"
-+msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
-
--#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
--msgid "The UID of the user"
--msgstr "ユーザーの UID"
-+#: src/config/SSSDConfig/sssdoptions.py:107
-+msgid "If true, SSSD will switch back to lower-wins ordering logic"
-+msgstr "正しい場合、SSSD は小さい番号が優先される順位付けのロジックへ戻ります"
-
--#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
--msgid "The comment string"
--msgstr "コメント文字列"
-+#: src/config/SSSDConfig/sssdoptions.py:108
-+msgid ""
-+"Maximum number of rules that can be refreshed at once. If this is exceeded, "
-+"full refresh is performed."
-+msgstr "一度にリフレッシュ可能なルールの最大数。最大数を超えると、フルリフレッシュが実行されます。"
-
--#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
--msgid "Home directory"
--msgstr "ホームディレクトリー"
-+#: src/config/SSSDConfig/sssdoptions.py:115
-+msgid "Whether to hash host names and addresses in the known_hosts file"
-+msgstr "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか"
-
--#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
--msgid "Login shell"
--msgstr "ログインシェル"
-+#: src/config/SSSDConfig/sssdoptions.py:116
-+msgid ""
-+"How many seconds to keep a host in the known_hosts file after its host keys "
-+"were requested"
-+msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数"
-
--#: src/tools/sss_useradd.c:53
--msgid "Groups"
--msgstr "グループ"
-+#: src/config/SSSDConfig/sssdoptions.py:118
-+msgid "Path to storage of trusted CA certificates"
-+msgstr "信頼された CA 証明書のストレージへのパス"
-
--#: src/tools/sss_useradd.c:54
--msgid "Create user's directory if it does not exist"
--msgstr "ユーザーのディレクトリーが存在しなければ作成する"
-+#: src/config/SSSDConfig/sssdoptions.py:119
-+msgid "Allow to generate ssh-keys from certificates"
-+msgstr "証明書からの ssh-key の生成を許可します"
-
--#: src/tools/sss_useradd.c:55
--msgid "Never create user's directory, overrides config"
--msgstr "ユーザーのディレクトリーを作成しない、設定を上書きする"
-+#: src/config/SSSDConfig/sssdoptions.py:120
-+msgid ""
-+"Use the following matching rules to filter the certificates for ssh-key "
-+"generation"
-+msgstr "以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングします"
-
--#: src/tools/sss_useradd.c:56
--msgid "Specify an alternative skeleton directory"
--msgstr "代替のスケルトンディレクトリーを指定する"
-+#: src/config/SSSDConfig/sssdoptions.py:124
-+msgid "List of UIDs or user names allowed to access the PAC responder"
-+msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
-
--#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
--msgid "The SELinux user for user's login"
--msgstr "ユーザーのログインに対する SELinux ユーザー"
-+#: src/config/SSSDConfig/sssdoptions.py:125
-+msgid "How long the PAC data is considered valid"
-+msgstr "PAC データが有効とされる期間"
-
--#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
--#: src/tools/sss_usermod.c:92
--msgid "Specify group to add to\n"
--msgstr "追加するグループを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:128
-+msgid "List of user attributes the InfoPipe is allowed to publish"
-+msgstr "InfoPipe がパブリッシュを許可されたユーザー属性の一覧"
-
--#: src/tools/sss_useradd.c:111
--msgid "Specify user to add\n"
--msgstr "追加するユーザーを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:131
-+msgid "The provider where the secrets will be stored in"
-+msgstr "シークレットが保存されるプロバイダー"
-
--#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
--#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
--#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
--#: src/tools/sss_usermod.c:162
--msgid "Error initializing the tools - no local domain\n"
--msgstr ""
--"ツールを初期化中にエラーが発生しました - ローカルドメインがありません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:132
-+msgid "The maximum allowed number of nested containers"
-+msgstr "ネストされたコンテナーの最大許可数"
-
--#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
--#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
--#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
--#: src/tools/sss_usermod.c:164
--msgid "Error initializing the tools\n"
--msgstr "ツールを初期化中にエラーが発生しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:133
-+msgid "The maximum number of secrets that can be stored"
-+msgstr "保存可能なシークレットの最大数"
-
--#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
--#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
--#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
--#: src/tools/sss_usermod.c:173
--msgid "Invalid domain specified in FQDN\n"
--msgstr "FQDN で指定されたドメインが無効です\n"
-+#: src/config/SSSDConfig/sssdoptions.py:134
-+msgid "The maximum number of secrets that can be stored per UID"
-+msgstr "UID ごとに保存可能なシークレットの最大数"
-
--#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
--#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
--#: src/tools/sss_usermod.c:226
--msgid "Internal error while parsing parameters\n"
--msgstr "パラメーターを解析中に内部エラーが発生しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:135
-+msgid "The maximum payload size of a secret in kilobytes"
-+msgstr "キロバイトでのシークレットの最大ペイロードサイズ"
-
--#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
--#: src/tools/sss_usermod.c:235
--msgid "Groups must be in the same domain as user\n"
--msgstr "グループがユーザーと同じドメインになければいけません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:137
-+msgid "The URL Custodia server is listening on"
-+msgstr "URL Custodia サーバーはリッスンしています"
-
--#: src/tools/sss_useradd.c:159
--#, c-format
--msgid "Cannot find group %1$s in local domain\n"
--msgstr "ローカルドメインにグループ %1$s を見つけられません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:138
-+msgid "The method to use when authenticating to a Custodia server"
-+msgstr "Custodia サーバーへの認証時に使用する方法"
-
--#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
--msgid "Cannot set default values\n"
--msgstr "デフォルト値を設定できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:139
-+msgid ""
-+"The name of the headers that will be added into a HTTP request with the "
-+"value defined in auth_header_value"
-+msgstr "auth_header_value で値が定義され、HTTP リクエストに追加されるヘッダーの名前"
-
--#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
--msgid "The selected UID is outside the allowed range\n"
--msgstr "選択された UID は許容される範囲を越えています\n"
-+#: src/config/SSSDConfig/sssdoptions.py:141
-+msgid "The value sssd-secrets would use for auth_header_name"
-+msgstr "sssd-secrets の値は、auth_header_name で使用します"
-
--#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
--msgid "Cannot set SELinux login context\n"
--msgstr "SELinux ログインコンテキストを設定できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:142
-+msgid ""
-+"The list of the headers to forward to the Custodia server together with the "
-+"request"
-+msgstr "要求と共に Custodia サーバーへ転送するヘッダーの一覧"
-
--#: src/tools/sss_useradd.c:224
--msgid "Cannot get info about the user\n"
--msgstr "ユーザーに関する情報を取得できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:143
-+msgid ""
-+"The username to use when authenticating to a Custodia server using "
-+"basic_auth"
-+msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するユーザー名"
-
--#: src/tools/sss_useradd.c:236
--msgid "User's home directory already exists, not copying data from skeldir\n"
--msgstr ""
--"ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーか"
--"らデータをコピーしません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:144
-+msgid ""
-+"The password to use when authenticating to a Custodia server using "
-+"basic_auth"
-+msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するパスワード"
-
--#: src/tools/sss_useradd.c:239
--#, c-format
--msgid "Cannot create user's home directory: %1$s\n"
--msgstr "ユーザーのホームディレクトリーを作成できません: %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:145
-+msgid ""
-+"If true peer's certificate is verified if proxy_url uses https protocol"
-+msgstr "proxy_url が https protocol を使用する場合に、正しいピアの証明書が検証されるかどうか"
-
--#: src/tools/sss_useradd.c:250
--#, c-format
--msgid "Cannot create user's mail spool: %1$s\n"
--msgstr "ユーザーのメールスプールを作成できません: %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:146
-+msgid ""
-+"If false peer's certificate may contain different hostname than proxy_url "
-+"when https protocol is used"
-+msgstr "https プロトコルが使用される場合に、間違ったピアの証明書が proxy_url 以外の異なるホスト名を含むかどうか"
-
--#: src/tools/sss_useradd.c:270
--msgid "Could not allocate ID for the user - domain full?\n"
--msgstr "ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
-+#: src/config/SSSDConfig/sssdoptions.py:148
-+msgid "Path to directory where certificate authority certificates are stored"
-+msgstr "CA 証明書が保存されているディレクトリーへのパス"
-
--#: src/tools/sss_useradd.c:274
--msgid "A user or group with the same name or ID already exists\n"
--msgstr "同じ名前または ID を持つユーザーまたはグループがすでに存在します\n"
-+#: src/config/SSSDConfig/sssdoptions.py:149
-+msgid "Path to file containing server's CA certificate"
-+msgstr "サーバーの CA 証明書を含むファイルへのパス"
-
--#: src/tools/sss_useradd.c:280
--msgid "Transaction error. Could not add user.\n"
--msgstr "トランザクションエラー。ユーザーを追加できませんでした。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:150
-+msgid "Path to file containing client's certificate"
-+msgstr "クライアントの証明書を含むファイルへのパス"
-
--#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
--msgid "The GID of the group"
--msgstr "グループの GID"
-+#: src/config/SSSDConfig/sssdoptions.py:151
-+msgid "Path to file containing client's private key"
-+msgstr "クライアントの秘密鍵を含むファイルへのパス"
-
--#: src/tools/sss_groupadd.c:76
--msgid "Specify group to add\n"
--msgstr "追加するグループを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:154
-+msgid ""
-+"One of the following strings specifying the scope of session recording: none "
-+"- No users are recorded. some - Users/groups specified by users and groups "
-+"options are recorded. all - All users are recorded."
-+msgstr ""
-
--#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
--msgid "The selected GID is outside the allowed range\n"
--msgstr "選択された GID は許容される範囲を越えています\n"
-+#: src/config/SSSDConfig/sssdoptions.py:157
-+msgid ""
-+"A comma-separated list of users which should have session recording enabled. "
-+"Matches user names as returned by NSS. I.e. after the possible space "
-+"replacement, case changes, etc."
-+msgstr ""
-
--#: src/tools/sss_groupadd.c:143
--msgid "Could not allocate ID for the group - domain full?\n"
--msgstr "グループに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
-+#: src/config/SSSDConfig/sssdoptions.py:159
-+msgid ""
-+"A comma-separated list of groups, members of which should have session "
-+"recording enabled. Matches group names as returned by NSS. I.e. after the "
-+"possible space replacement, case changes, etc."
-+msgstr ""
-
--#: src/tools/sss_groupadd.c:147
--msgid "A group with the same name or GID already exists\n"
--msgstr "同じ名前または GID を持つグループがすでに存在します\n"
-+#: src/config/SSSDConfig/sssdoptions.py:164
-+msgid "Identity provider"
-+msgstr "アイデンティティープロバイダー"
-
--#: src/tools/sss_groupadd.c:153
--msgid "Transaction error. Could not add group.\n"
--msgstr "トランザクションエラー。グループを追加できませんでした。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:165
-+msgid "Authentication provider"
-+msgstr "認証プロバイダー"
-
--#: src/tools/sss_groupdel.c:70
--msgid "Specify group to delete\n"
--msgstr "削除するグループを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:166
-+msgid "Access control provider"
-+msgstr "アクセス制御プロバイダー"
-
--#: src/tools/sss_groupdel.c:104
--#, c-format
--msgid "Group %1$s is outside the defined ID range for domain\n"
--msgstr "グループ %1$s はドメインに対して定義された ID の範囲を越えています\n"
-+#: src/config/SSSDConfig/sssdoptions.py:167
-+msgid "Password change provider"
-+msgstr "パスワード変更プロバイダー"
-
--#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
--#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
--#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
--#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
--#, c-format
--msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:168
-+msgid "SUDO provider"
-+msgstr "SUDO プロバイダー"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:169
-+msgid "Autofs provider"
-+msgstr "Autofs プロバイダー"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:170
-+msgid "Host identity provider"
-+msgstr "ホスト識別プロバイダー"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:171
-+msgid "SELinux provider"
-+msgstr "SELinux プロバイダー"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:172
-+msgid "Session management provider"
-+msgstr "セッションマネージャーのプロバイダー"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:173
-+msgid "Resolver provider"
- msgstr ""
--"NSS リクエストに失敗しました (%1$d)。項目はメモリーキャッシュに残されます。\n"
-
--#: src/tools/sss_groupdel.c:132
-+#: src/config/SSSDConfig/sssdoptions.py:176
-+msgid "Whether the domain is usable by the OS or by applications"
-+msgstr "OS またはアプリケーションがドメインを使用できるかどうか"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:177
-+msgid "Minimum user ID"
-+msgstr "最小ユーザー ID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:178
-+msgid "Maximum user ID"
-+msgstr "最大ユーザー ID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:179
-+msgid "Enable enumerating all users/groups"
-+msgstr "すべてのユーザー・グループの列挙を有効にする"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:180
-+msgid "Cache credentials for offline login"
-+msgstr "オフラインログインのためにクレデンシャルをキャッシュする"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:181
-+msgid "Display users/groups in fully-qualified form"
-+msgstr "ユーザー・グループを完全修飾形式で表示する"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:182
-+msgid "Don't include group members in group lookups"
-+msgstr "グループ検索にグループメンバーを含めない"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:183
-+#: src/config/SSSDConfig/sssdoptions.py:193
-+#: src/config/SSSDConfig/sssdoptions.py:194
-+#: src/config/SSSDConfig/sssdoptions.py:195
-+#: src/config/SSSDConfig/sssdoptions.py:196
-+#: src/config/SSSDConfig/sssdoptions.py:197
-+#: src/config/SSSDConfig/sssdoptions.py:198
-+#: src/config/SSSDConfig/sssdoptions.py:199
-+msgid "Entry cache timeout length (seconds)"
-+msgstr "エントリーキャッシュのタイムアウト長(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:184
- msgid ""
--"No such group in local domain. Removing groups only allowed in local "
--"domain.\n"
--msgstr ""
--"そのようなグループはローカルドメインにありません。グループの削除はローカルド"
--"メインにおいてのみ許可されます。\n"
-+"Restrict or prefer a specific address family when performing DNS lookups"
-+msgstr "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します"
-
--#: src/tools/sss_groupdel.c:137
--msgid "Internal error. Could not remove group.\n"
--msgstr "内部エラー。グループを削除できませんでした。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:185
-+msgid "How long to keep cached entries after last successful login (days)"
-+msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
-
--#: src/tools/sss_groupmod.c:44
--msgid "Groups to add this group to"
--msgstr "このグループに追加するグループ"
-+#: src/config/SSSDConfig/sssdoptions.py:186
-+msgid ""
-+"How long should SSSD talk to single DNS server before trying next server "
-+"(miliseconds)"
-+msgstr "次のサーバーを試行するまでに SSSD が単一の DNS サーバーと通信する時間 (ミリ秒)"
-
--#: src/tools/sss_groupmod.c:46
--msgid "Groups to remove this group from"
--msgstr "このグループから削除するグループ"
-+#: src/config/SSSDConfig/sssdoptions.py:188
-+msgid "How long should keep trying to resolve single DNS query (seconds)"
-+msgstr "単一の DNS クエリーの解決を試行する時間 (秒)"
-
--#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
--msgid "Specify group to remove from\n"
--msgstr "削除するグループを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:189
-+msgid "How long to wait for replies from DNS when resolving servers (seconds)"
-+msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)"
-
--#: src/tools/sss_groupmod.c:101
--msgid "Specify group to modify\n"
--msgstr "変更するグループを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:190
-+msgid "The domain part of service discovery DNS query"
-+msgstr "サービス検索 DNS クエリーのドメイン部分"
-
--#: src/tools/sss_groupmod.c:130
-+#: src/config/SSSDConfig/sssdoptions.py:191
-+msgid "Override GID value from the identity provider with this value"
-+msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:192
-+msgid "Treat usernames as case sensitive"
-+msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:200
-+msgid "How often should expired entries be refreshed in background"
-+msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:201
-+msgid "Whether to automatically update the client's DNS entry"
-+msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:202
-+#: src/config/SSSDConfig/sssdoptions.py:232
-+msgid "The TTL to apply to the client's DNS entry after updating it"
-+msgstr "クライアントの DNS 項目を更新後、適用する TTL"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:203
-+#: src/config/SSSDConfig/sssdoptions.py:233
-+msgid "The interface whose IP should be used for dynamic DNS updates"
-+msgstr "動的 DNS 更新のために使用される IP のインターフェース"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:204
-+msgid "How often to periodically update the client's DNS entry"
-+msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:205
-+msgid "Whether the provider should explicitly update the PTR record as well"
-+msgstr "プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:206
-+msgid "Whether the nsupdate utility should default to using TCP"
-+msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:207
-+msgid "What kind of authentication should be used to perform the DNS update"
-+msgstr "DNS 更新を実行するために使用すべき認証の種類"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:208
-+msgid "Override the DNS server used to perform the DNS update"
-+msgstr "DNS の更新を実行する際に使用する DNS サーバーを上書き"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:209
-+msgid "Control enumeration of trusted domains"
-+msgstr "信頼されたドメインの列挙を制御"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:210
-+msgid "How often should subdomains list be refreshed"
-+msgstr "サブドメインの一覧のリフレッシュ回数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:211
-+msgid "List of options that should be inherited into a subdomain"
-+msgstr "サブドメインに継承すべきオプションの一覧"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:212
-+msgid "Default subdomain homedir value"
-+msgstr "デフォルトのサブドメインホームディレクトリーの値"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:213
-+msgid "How long can cached credentials be used for cached authentication"
-+msgstr "証明書キャッシュを認証キャッシュに使用できる期間"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:214
-+msgid "Whether to automatically create private groups for users"
-+msgstr "ユーザーにプライベートグループを自動的に作成するかどうか"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:215
-+msgid "Display a warning N days before the password expires."
-+msgstr "Display a warning N days before the password expires."
-+
-+#: src/config/SSSDConfig/sssdoptions.py:216
- msgid ""
--"Cannot find group in local domain, modifying groups is allowed only in local "
--"domain\n"
-+"Various tags stored by the realmd configuration service for this domain."
- msgstr ""
--"ローカルドメインにグループが見つかりませんでした。グループの変更はローカルド"
--"メインにおいてのみ許可されます\n"
--
--#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
--msgid "Member groups must be in the same domain as parent group\n"
--msgstr "メンバーグループが親グループと同じドメインにある必要があります\n"
-
--#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
--#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:217
- msgid ""
--"Cannot find group %1$s in local domain, only groups in local domain are "
--"allowed\n"
-+"The provider which should handle fetching of subdomains. This value should "
-+"be always the same as id_provider."
- msgstr ""
--"ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグ"
--"ループのみが許可されます\n"
-
--#: src/tools/sss_groupmod.c:257
--msgid "Could not modify group - check if member group names are correct\n"
-+#: src/config/SSSDConfig/sssdoptions.py:219
-+msgid ""
-+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
-+"the host key for."
- msgstr ""
--"グループを変更できませんでした - メンバーグループ名が正しいかを確認してくださ"
--"い\n"
-
--#: src/tools/sss_groupmod.c:261
--msgid "Could not modify group - check if groupname is correct\n"
-+#: src/config/SSSDConfig/sssdoptions.py:221
-+msgid ""
-+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
-+"this value determines the minimal length the first authentication factor "
-+"(long term password) must have to be saved as SHA512 hash into the cache."
- msgstr ""
--"グループを変更できませんでした - グループ名が正しいかを確認してください\n"
-
--#: src/tools/sss_groupmod.c:265
--msgid "Transaction error. Could not modify group.\n"
--msgstr "トランザクションエラー。グループを変更できませんでした。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:227
-+msgid "IPA domain"
-+msgstr "IPA ドメイン"
-
--#: src/tools/sss_groupshow.c:616
--msgid "Magic Private "
--msgstr "マジックプライベート "
-+#: src/config/SSSDConfig/sssdoptions.py:228
-+msgid "IPA server address"
-+msgstr "IPA サーバーのアドレス"
-
--#: src/tools/sss_groupshow.c:615
--#, c-format
--msgid "%1$s%2$sGroup: %3$s\n"
--msgstr "%1$s%2$sGroup: %3$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:229
-+msgid "Address of backup IPA server"
-+msgstr "バックアップ IPA サーバーのアドレス"
-
--#: src/tools/sss_groupshow.c:618
--#, c-format
--msgid "%1$sGID number: %2$d\n"
--msgstr "%1$sGID 番号: %2$d\n"
-+#: src/config/SSSDConfig/sssdoptions.py:230
-+msgid "IPA client hostname"
-+msgstr "IPA クライアントのホスト名"
-
--#: src/tools/sss_groupshow.c:620
--#, c-format
--msgid "%1$sMember users: "
--msgstr "%1$sMember ユーザー: "
-+#: src/config/SSSDConfig/sssdoptions.py:231
-+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
-+msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
-
--#: src/tools/sss_groupshow.c:627
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:234
-+msgid "Search base for HBAC related objects"
-+msgstr "HBAC 関連オブジェクトの検索ベース"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:235
- msgid ""
--"\n"
--"%1$sIs a member of: "
--msgstr ""
--"\n"
--"%1$sIs は次のメンバー: "
-+"The amount of time between lookups of the HBAC rules against the IPA server"
-+msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
-
--#: src/tools/sss_groupshow.c:634
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:236
- msgid ""
--"\n"
--"%1$sMember groups: "
--msgstr ""
--"\n"
--"%1$sMember グループ: "
-+"The amount of time in seconds between lookups of the SELinux maps against "
-+"the IPA server"
-+msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
-
--#: src/tools/sss_groupshow.c:670
--msgid "Print indirect group members recursively"
--msgstr "間接グループメンバーを再帰的に表示する"
-+#: src/config/SSSDConfig/sssdoptions.py:238
-+msgid "If set to false, host argument given by PAM will be ignored"
-+msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます"
-
--#: src/tools/sss_groupshow.c:704
--msgid "Specify group to show\n"
--msgstr "表示するグループを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:239
-+msgid "The automounter location this IPA client is using"
-+msgstr "この IPA クライアントが使用している automounter の場所"
-
--#: src/tools/sss_groupshow.c:744
--msgid ""
--"No such group in local domain. Printing groups only allowed in local "
--"domain.\n"
--msgstr ""
--"そのようなグループはローカルドメインにありません。グループの表示はローカルド"
--"メインにおいてのみ許可されます。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:240
-+msgid "Search base for object containing info about IPA domain"
-+msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース"
-
--#: src/tools/sss_groupshow.c:749
--msgid "Internal error. Could not print group.\n"
--msgstr "内部エラー。グループを表示できませんでした。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:241
-+msgid "Search base for objects containing info about ID ranges"
-+msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース"
-
--#: src/tools/sss_userdel.c:138
--msgid "Remove home directory and mail spool"
--msgstr "ホームディレクトリーとメールスプールを削除する"
-+#: src/config/SSSDConfig/sssdoptions.py:242
-+#: src/config/SSSDConfig/sssdoptions.py:296
-+msgid "Enable DNS sites - location based service discovery"
-+msgstr "DNS サイトの有効化 - 位置ベースのサービス検索"
-
--#: src/tools/sss_userdel.c:140
--msgid "Do not remove home directory and mail spool"
--msgstr "ホームディレクトリーとメールスプールを削除しない"
-+#: src/config/SSSDConfig/sssdoptions.py:243
-+msgid "Search base for view containers"
-+msgstr "ビューコンテナーの検索ベース"
-
--#: src/tools/sss_userdel.c:142
--msgid "Force removal of files not owned by the user"
--msgstr "ユーザーにより所有されていないファイルの強制削除"
-+#: src/config/SSSDConfig/sssdoptions.py:244
-+msgid "Objectclass for view containers"
-+msgstr "ビューコンテナーのオブジェクトクラス"
-
--#: src/tools/sss_userdel.c:144
--msgid "Kill users' processes before removing him"
--msgstr "ユーザーを削除する前にそのユーザーのプロセスを強制停止する"
-+#: src/config/SSSDConfig/sssdoptions.py:245
-+msgid "Attribute with the name of the view"
-+msgstr "ビューの名前の属性"
-
--#: src/tools/sss_userdel.c:190
--msgid "Specify user to delete\n"
--msgstr "削除するユーザーを指定する\n"
-+#: src/config/SSSDConfig/sssdoptions.py:246
-+msgid "Objectclass for override objects"
-+msgstr "上書きされたオブジェクトのオブジェクトクラス"
-
--#: src/tools/sss_userdel.c:236
--#, c-format
--msgid "User %1$s is outside the defined ID range for domain\n"
--msgstr "ユーザー %1$s はドメインに対して定義された ID の範囲を超えています\n"
-+#: src/config/SSSDConfig/sssdoptions.py:247
-+msgid "Attribute with the reference to the original object"
-+msgstr "オリジナルオブジェクトを参照する属性"
-
--#: src/tools/sss_userdel.c:261
--msgid "Cannot reset SELinux login context\n"
--msgstr "SELinux ログインコンテキストをリセットできません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:248
-+msgid "Objectclass for user override objects"
-+msgstr "ユーザーが上書きするオブジェクトのオブジェクトクラス"
-
--#: src/tools/sss_userdel.c:273
--#, c-format
--msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
-+#: src/config/SSSDConfig/sssdoptions.py:249
-+msgid "Objectclass for group override objects"
-+msgstr "グループが上書きするオブジェクトのオブジェクトクラス"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:250
-+msgid "Search base for Desktop Profile related objects"
-+msgstr "デスクトッププロファイルに関連するオブジェクトの検索ベース"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:251
-+msgid ""
-+"The amount of time in seconds between lookups of the Desktop Profile rules "
-+"against the IPA server"
-+msgstr "IPA サーバーに対するデスクトッププロファイルルールを検索している間の秒単位の合計時間"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:253
-+msgid ""
-+"The amount of time in minutes between lookups of Desktop Profiles rules "
-+"against the IPA server when the last request did not find any rule"
-+msgstr "最後の要求がルールを何も見つけなかった場合の IPA サーバーに対するデスクトッププロファイルル ールを検索している間の分単位の合計時間"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:256
-+msgid "The LDAP attribute that contains FQDN of the host."
- msgstr ""
--"警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n"
-
--#: src/tools/sss_userdel.c:278
--msgid "Cannot determine if the user was logged in on this platform"
-+#: src/config/SSSDConfig/sssdoptions.py:257
-+#: src/config/SSSDConfig/sssdoptions.py:280
-+msgid "The object class of a host entry in LDAP."
- msgstr ""
--"ユーザーがこのプラットフォームにログインしていたかを確認できませんでした"
-
--#: src/tools/sss_userdel.c:283
--msgid "Error while checking if the user was logged in\n"
--msgstr "ユーザーがログインしていたかを確認中にエラーが発生しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:258
-+msgid "Use the given string as search base for host objects."
-+msgstr ""
-
--#: src/tools/sss_userdel.c:290
--#, c-format
--msgid "The post-delete command failed: %1$s\n"
--msgstr "削除後コマンドの実行に失敗しました: %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:259
-+msgid "The LDAP attribute that contains the host's SSH public keys."
-+msgstr ""
-
--#: src/tools/sss_userdel.c:310
--msgid "Not removing home dir - not owned by user\n"
-+#: src/config/SSSDConfig/sssdoptions.py:260
-+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
- msgstr ""
--"ホームディレクトリーを削除していません - ユーザーにより所有されていません\n"
-
--#: src/tools/sss_userdel.c:312
--#, c-format
--msgid "Cannot remove homedir: %1$s\n"
--msgstr "ホームディレクトリーを削除できません: %1$s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:261
-+msgid "The LDAP attribute that contains the names of the netgroup's members."
-+msgstr "The LDAP attribute that contains the names of the netgroup's members."
-
--#: src/tools/sss_userdel.c:326
-+#: src/config/SSSDConfig/sssdoptions.py:262
- msgid ""
--"No such user in local domain. Removing users only allowed in local domain.\n"
-+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-+"members of the netgroup."
- msgstr ""
--"そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメ"
--"インにおいてのみ許可されます。\n"
-
--#: src/tools/sss_userdel.c:331
--msgid "Internal error. Could not remove user.\n"
--msgstr "内部エラー。ユーザーを削除できませんでした。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:264
-+msgid ""
-+"The LDAP attribute that lists hosts and host groups that are direct members "
-+"of the netgroup."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:49
--msgid "The GID of the user"
--msgstr "ユーザーの GID"
-+#: src/config/SSSDConfig/sssdoptions.py:266
-+msgid "The LDAP attribute that lists netgroup's memberships."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:53
--msgid "Groups to add this user to"
--msgstr "このユーザーを追加するグループ"
-+#: src/config/SSSDConfig/sssdoptions.py:267
-+msgid ""
-+"The LDAP attribute that lists system users and groups that are direct "
-+"members of the netgroup."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:54
--msgid "Groups to remove this user from"
--msgstr "このユーザーを削除するグループ"
-+#: src/config/SSSDConfig/sssdoptions.py:269
-+msgid "The LDAP attribute that corresponds to the netgroup name."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:55
--msgid "Lock the account"
--msgstr "アカウントをロックする"
-+#: src/config/SSSDConfig/sssdoptions.py:270
-+msgid "The object class of a netgroup entry in LDAP."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:56
--msgid "Unlock the account"
--msgstr "アカウントをロック解除する"
-+#: src/config/SSSDConfig/sssdoptions.py:271
-+msgid ""
-+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:57
--msgid "Add an attribute/value pair. The format is attrname=value."
--msgstr "属性/値のペアを追加します。フォーマットは attrname=value です。"
-+#: src/config/SSSDConfig/sssdoptions.py:272
-+msgid ""
-+"The LDAP attribute that contains whether or not is user map enabled for "
-+"usage."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:58
--msgid "Delete an attribute/value pair. The format is attrname=value."
--msgstr "属性/値のペアを削除します。フォーマットは attrname=value です。"
-+#: src/config/SSSDConfig/sssdoptions.py:274
-+msgid "The LDAP attribute that contains host category such as 'all'."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:59
-+#: src/config/SSSDConfig/sssdoptions.py:275
- msgid ""
--"Set an attribute to a name/value pair. The format is attrname=value. For "
--"multi-valued attributes, the command replaces the values already present"
-+"The LDAP attribute that contains all hosts / hostgroups this rule match "
-+"against."
- msgstr ""
--"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属"
--"性の場合、コマンドがすでに存在する値に置き換えられます。"
-
--#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
--#: src/tools/sss_usermod.c:135
--msgid "Specify the attribute name/value pair(s)\n"
--msgstr "属性の名前/値のペアを指定します\n"
-+#: src/config/SSSDConfig/sssdoptions.py:277
-+msgid ""
-+"The LDAP attribute that contains all users / groups this rule match against."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:152
--msgid "Specify user to modify\n"
--msgstr "変更するユーザーを指定してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:279
-+msgid "The LDAP attribute that contains the name of SELinux usermap."
-+msgstr ""
-
--#: src/tools/sss_usermod.c:180
-+#: src/config/SSSDConfig/sssdoptions.py:281
- msgid ""
--"Cannot find user in local domain, modifying users is allowed only in local "
--"domain\n"
-+"The LDAP attribute that contains DN of HBAC rule which can be used for "
-+"matching instead of memberUser and memberHost."
- msgstr ""
--"ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメイ"
--"ンにおいてのみ許可されます。\n"
-
--#: src/tools/sss_usermod.c:322
--msgid "Could not modify user - check if group names are correct\n"
-+#: src/config/SSSDConfig/sssdoptions.py:283
-+msgid "The LDAP attribute that contains SELinux user string itself."
- msgstr ""
--"ユーザーを変更できませんでした - グループ名が正しいかを確認してください\n"
-
--#: src/tools/sss_usermod.c:326
--msgid "Could not modify user - user already member of groups?\n"
-+#: src/config/SSSDConfig/sssdoptions.py:284
-+msgid "The LDAP attribute that contains user category such as 'all'."
- msgstr ""
--"ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか?\n"
--
--#: src/tools/sss_usermod.c:330
--msgid "Transaction error. Could not modify user.\n"
--msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
-
--#: src/tools/sss_cache.c:245
--msgid "No cache object matched the specified search\n"
--msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:285
-+msgid "The LDAP attribute that contains unique ID of the user map."
-+msgstr ""
-
--#: src/tools/sss_cache.c:536
--#, c-format
--msgid "Couldn't invalidate %1$s\n"
--msgstr "%1$s を無効化できませんでした\n"
-+#: src/config/SSSDConfig/sssdoptions.py:286
-+msgid ""
-+"The option denotes that the SSSD is running on IPA server and should perform "
-+"lookups of users and groups from trusted domains differently."
-+msgstr ""
-
--#: src/tools/sss_cache.c:543
--#, c-format
--msgid "Couldn't invalidate %1$s %2$s\n"
--msgstr "%1$s %2$s を無効化できませんでした\n"
-+#: src/config/SSSDConfig/sssdoptions.py:288
-+msgid "Use the given string as search base for trusted domains."
-+msgstr ""
-
--#: src/tools/sss_cache.c:721
--msgid "Invalidate all cached entries"
--msgstr "すべてのキャッシュエントリーを無効化します"
-+#: src/config/SSSDConfig/sssdoptions.py:291
-+msgid "Active Directory domain"
-+msgstr "Active Directory ドメイン"
-
--#: src/tools/sss_cache.c:723
--msgid "Invalidate particular user"
--msgstr "特定のユーザーを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:292
-+msgid "Enabled Active Directory domains"
-+msgstr "有効化された Active Directory ドメイン"
-
--#: src/tools/sss_cache.c:725
--msgid "Invalidate all users"
--msgstr "すべてのユーザーを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:293
-+msgid "Active Directory server address"
-+msgstr "Active Directory サーバーアドレス"
-
--#: src/tools/sss_cache.c:727
--msgid "Invalidate particular group"
--msgstr "特定のグループを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:294
-+msgid "Active Directory backup server address"
-+msgstr "Active Directory バックアップサーバーのアドレス"
-
--#: src/tools/sss_cache.c:729
--msgid "Invalidate all groups"
--msgstr "すべてのグループを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:295
-+msgid "Active Directory client hostname"
-+msgstr "Active Directory クライアントホスト名"
-
--#: src/tools/sss_cache.c:731
--msgid "Invalidate particular netgroup"
--msgstr "特定のネットワークグループを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:297
-+#: src/config/SSSDConfig/sssdoptions.py:488
-+msgid "LDAP filter to determine access privileges"
-+msgstr "アクセス権限を決めるための LDAP フィルター"
-
--#: src/tools/sss_cache.c:733
--msgid "Invalidate all netgroups"
--msgstr "すべてのネットワークグループを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:298
-+msgid "Whether to use the Global Catalog for lookups"
-+msgstr "検索にグローバルカタログを使用するかどうか"
-
--#: src/tools/sss_cache.c:735
--msgid "Invalidate particular service"
--msgstr "特定のサービスの無効化"
-+#: src/config/SSSDConfig/sssdoptions.py:299
-+msgid "Operation mode for GPO-based access control"
-+msgstr "グローバルカタログベースのアクセス制御に対するオペレーションモード"
-
--#: src/tools/sss_cache.c:737
--msgid "Invalidate all services"
--msgstr "すべてのサービスの無効化"
-+#: src/config/SSSDConfig/sssdoptions.py:300
-+msgid ""
-+"The amount of time between lookups of the GPO policy files against the AD "
-+"server"
-+msgstr "AD サーバーに対する GPO ポリシーファイルを検索している間の合計時間"
-
--#: src/tools/sss_cache.c:740
--msgid "Invalidate particular autofs map"
--msgstr "特定の autofs マップの無効化"
-+#: src/config/SSSDConfig/sssdoptions.py:301
-+msgid ""
-+"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
-+"settings"
-+msgstr "GPO (Deny)InteractiveLogonRight のポリシー設定にマッピングした PAM サービス名"
-
--#: src/tools/sss_cache.c:742
--msgid "Invalidate all autofs maps"
--msgstr "すべての autofs マップの無効化"
-+#: src/config/SSSDConfig/sssdoptions.py:303
-+msgid ""
-+"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
-+"policy settings"
-+msgstr "GPO (Deny)RemoteInteractiveLogonRight のポリシー設定にマッピングした PAM サービス名"
-
--#: src/tools/sss_cache.c:746
--msgid "Invalidate particular SSH host"
--msgstr "特定の SSH ホストを無効化します"
-+#: src/config/SSSDConfig/sssdoptions.py:305
-+msgid ""
-+"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
-+"settings"
-+msgstr "GPO (Deny)NetworkLogonRight のポリシー設定にマッピングした PAM サービス名"
-
--#: src/tools/sss_cache.c:748
--msgid "Invalidate all SSH hosts"
--msgstr "すべての SSH ホストを無効化します"
-+#: src/config/SSSDConfig/sssdoptions.py:306
-+msgid ""
-+"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
-+msgstr "GPO (Deny)BatchLogonRight のポリシー設定にマッピングした PAM サービス名"
-
--#: src/tools/sss_cache.c:752
--msgid "Invalidate particular sudo rule"
--msgstr "特定の sudo ルールを無効化します"
-+#: src/config/SSSDConfig/sssdoptions.py:307
-+msgid ""
-+"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
-+"settings"
-+msgstr "(Deny)ServiceLogonRight のポリシー設定にマッピングした PAM サービス名"
-
--#: src/tools/sss_cache.c:754
--msgid "Invalidate all cached sudo rules"
--msgstr "すべてのキャッシュ sudo ルールを無効化します"
-+#: src/config/SSSDConfig/sssdoptions.py:308
-+msgid "PAM service names for which GPO-based access is always granted"
-+msgstr "GPO ベースのアクセスが常に許可される PAM サービス名"
-
--#: src/tools/sss_cache.c:757
--msgid "Only invalidate entries from a particular domain"
--msgstr "特定のドメインのみからエントリーを無効にする"
-+#: src/config/SSSDConfig/sssdoptions.py:309
-+msgid "PAM service names for which GPO-based access is always denied"
-+msgstr "GPO ベースのアクセスが常に拒否される PAM サービス名"
-
--#: src/tools/sss_cache.c:811
-+#: src/config/SSSDConfig/sssdoptions.py:310
- msgid ""
--"Unexpected argument(s) provided, options that invalidate a single object "
--"only accept a single provided argument.\n"
--msgstr ""
--"予期しない引数が提供される場合、1 つのオブジェクトを無効化するオプションは、"
--"提供された引数を 1 つだけ受け取ります。\n"
-+"Default logon right (or permit/deny) to use for unmapped PAM service names"
-+msgstr "マッピングされていない PAM サービス名に使用するデフォルトのログオン権利 (または許可/拒否)"
-
--#: src/tools/sss_cache.c:821
--msgid "Please select at least one object to invalidate\n"
--msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n"
-+#: src/config/SSSDConfig/sssdoptions.py:311
-+msgid "a particular site to be used by the client"
-+msgstr "クライアントが使用する特定のサイト"
-
--#: src/tools/sss_cache.c:904
--#, c-format
-+#: src/config/SSSDConfig/sssdoptions.py:312
- msgid ""
--"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
--"use fully qualified name instead of --domain/-d parameter.\n"
--msgstr ""
--"ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) "
--"であれば、--domain/-d パラメーターの代わりに完全修飾名を使用してください。\n"
-+"Maximum age in days before the machine account password should be renewed"
-+msgstr "マシンアカウントのパスワードの更新が必要となるまでの最大日数"
-
--#: src/tools/sss_cache.c:909
--msgid "Could not open available domains\n"
--msgstr "利用可能なドメインを開けませんでした\n"
-+#: src/config/SSSDConfig/sssdoptions.py:314
-+msgid "Option for tuning the machine account renewal task"
-+msgstr "マシンアカウントの更新タスクをチューニングするオプション"
-
--#: src/tools/tools_util.c:202
--#, c-format
--msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
-+#: src/config/SSSDConfig/sssdoptions.py:315
-+msgid "Whether to update the machine account password in the Samba database"
- msgstr ""
--"名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n"
-
--#: src/tools/tools_util.c:309
--msgid "Out of memory\n"
--msgstr "メモリー不足\n"
-+#: src/config/SSSDConfig/sssdoptions.py:317
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr "LDAP およびグローバルカタログのリクエストに LDAPS ポートを使用する"
-
--#: src/tools/tools_util.h:40
--#, c-format
--msgid "%1$s must be run as root\n"
--msgstr "%1$s は root として実行する必要があります\n"
-+#: src/config/SSSDConfig/sssdoptions.py:320
-+#: src/config/SSSDConfig/sssdoptions.py:321
-+msgid "Kerberos server address"
-+msgstr "Kerberos サーバーのアドレス"
-
--#: src/tools/sssctl/sssctl.c:35
--msgid "yes"
--msgstr "はい"
-+#: src/config/SSSDConfig/sssdoptions.py:322
-+msgid "Kerberos backup server address"
-+msgstr "Kerberos バックアップサーバーのアドレス"
-
--#: src/tools/sssctl/sssctl.c:37
--msgid "no"
--msgstr "いいえ"
-+#: src/config/SSSDConfig/sssdoptions.py:323
-+msgid "Kerberos realm"
-+msgstr "Kerberos レルム"
-
--#: src/tools/sssctl/sssctl.c:39
--msgid "error"
--msgstr "エラー"
-+#: src/config/SSSDConfig/sssdoptions.py:324
-+msgid "Authentication timeout"
-+msgstr "認証のタイムアウト"
-
--#: src/tools/sssctl/sssctl.c:42
--msgid "Invalid result."
--msgstr "無効な結果。"
-+#: src/config/SSSDConfig/sssdoptions.py:325
-+msgid "Whether to create kdcinfo files"
-+msgstr "kdcinfo ファイルを作成するかどうか"
-
--#: src/tools/sssctl/sssctl.c:78
--msgid "Unable to read user input\n"
--msgstr "ユーザーインプットの読み込みができませんでした\n"
-+#: src/config/SSSDConfig/sssdoptions.py:326
-+msgid "Where to drop krb5 config snippets"
-+msgstr "krb5 設定スニペットを削除する場所"
-
--#: src/tools/sssctl/sssctl.c:91
--#, c-format
--msgid "Invalid input, please provide either '%s' or '%s'.\n"
--msgstr ""
--"無効なインプットです。'%s' または '%s' のいずれかを提供してください。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:329
-+msgid "Directory to store credential caches"
-+msgstr "クレデンシャルのキャッシュを保存するディレクトリー"
-
--#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
--msgid "Error while executing external command\n"
--msgstr "外部のコマンドを実行中にエラーが発生しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:330
-+msgid "Location of the user's credential cache"
-+msgstr "ユーザーのクレデンシャルキャッシュの位置"
-
--#: src/tools/sssctl/sssctl.c:156
--msgid "SSSD needs to be running. Start SSSD now?"
--msgstr "SSSD を実行する必要があります。SSSD をすぐに実行しますか?"
-+#: src/config/SSSDConfig/sssdoptions.py:331
-+msgid "Location of the keytab to validate credentials"
-+msgstr "クレデンシャルを検証するキーテーブルの場所"
-
--#: src/tools/sssctl/sssctl.c:195
--msgid "SSSD must not be running. Stop SSSD now?"
--msgstr "SSSD を実行してはいけません。SSSD を今、停止しますか?"
-+#: src/config/SSSDConfig/sssdoptions.py:332
-+msgid "Enable credential validation"
-+msgstr "クレデンシャルの検証を有効にする"
-
--#: src/tools/sssctl/sssctl.c:231
--msgid "SSSD needs to be restarted. Restart SSSD now?"
--msgstr "SSSD は再起動が必要です。SSSD を今、再起動しますか?"
-+#: src/config/SSSDConfig/sssdoptions.py:333
-+msgid "Store password if offline for later online authentication"
-+msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
-
--#: src/tools/sssctl/sssctl_cache.c:31
--#, c-format
--msgid " %s is not present in cache.\n"
--msgstr " %s はキャッシュにありません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:334
-+msgid "Renewable lifetime of the TGT"
-+msgstr "更新可能な TGT の有効期間"
-
--#: src/tools/sssctl/sssctl_cache.c:33
--msgid "Name"
--msgstr "名前"
-+#: src/config/SSSDConfig/sssdoptions.py:335
-+msgid "Lifetime of the TGT"
-+msgstr "TGT の有効期間"
-
--#: src/tools/sssctl/sssctl_cache.c:34
--msgid "Cache entry creation date"
--msgstr "キャッシュエントリーの作成日"
-+#: src/config/SSSDConfig/sssdoptions.py:336
-+msgid "Time between two checks for renewal"
-+msgstr "更新を確認する間隔"
-
--#: src/tools/sssctl/sssctl_cache.c:35
--msgid "Cache entry last update time"
--msgstr "キャッシュエントリーが最後に更新された時間"
-+#: src/config/SSSDConfig/sssdoptions.py:337
-+msgid "Enables FAST"
-+msgstr "FAST を有効にする"
-
--#: src/tools/sssctl/sssctl_cache.c:36
--msgid "Cache entry expiration time"
--msgstr "キャッシュエントリーの期限切れ時間"
-+#: src/config/SSSDConfig/sssdoptions.py:338
-+msgid "Selects the principal to use for FAST"
-+msgstr "FAST に使用するプリンシパルを選択する"
-
--#: src/tools/sssctl/sssctl_cache.c:37
--msgid "Cached in InfoPipe"
--msgstr "InfoPipe にキャッシュ"
-+#: src/config/SSSDConfig/sssdoptions.py:339
-+msgid "Enables principal canonicalization"
-+msgstr "プリンシパル正規化を有効にする"
-
--#: src/tools/sssctl/sssctl_cache.c:522
--#, c-format
--msgid "Error: Unable to get object [%d]: %s\n"
--msgstr "エラー: オブジェクト [%d] を取得できません: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:340
-+msgid "Enables enterprise principals"
-+msgstr "エンタープライズ・プリンシパルの有効化"
-
--#: src/tools/sssctl/sssctl_cache.c:538
--#, c-format
--msgid "%s: Unable to read value [%d]: %s\n"
--msgstr "%s: 値 [%d] の読み込みができません: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:341
-+msgid "A mapping from user names to Kerberos principal names"
-+msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング"
-
--#: src/tools/sssctl/sssctl_cache.c:566
--msgid "Specify name."
--msgstr "名前を指定します。"
-+#: src/config/SSSDConfig/sssdoptions.py:344
-+#: src/config/SSSDConfig/sssdoptions.py:345
-+msgid "Server where the change password service is running if not on the KDC"
-+msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
-
--#: src/tools/sssctl/sssctl_cache.c:576
--#, c-format
--msgid "Unable to parse name %s.\n"
--msgstr "名前 %s を構文解析できません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:348
-+msgid "ldap_uri, The URI of the LDAP server"
-+msgstr "ldap_uri, LDAP サーバーの URI"
-
--#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
--msgid "Search by SID"
--msgstr "SID で検索"
-+#: src/config/SSSDConfig/sssdoptions.py:349
-+msgid "ldap_backup_uri, The URI of the LDAP server"
-+msgstr "ldap_backup_uri, LDAP サーバーの URI"
-
--#: src/tools/sssctl/sssctl_cache.c:603
--msgid "Search by user ID"
--msgstr "ユーザーID で検索"
-+#: src/config/SSSDConfig/sssdoptions.py:350
-+msgid "The default base DN"
-+msgstr "デフォルトのベース DN"
-
--#: src/tools/sssctl/sssctl_cache.c:612
--msgid "Initgroups expiration time"
--msgstr "Initgroups の期限切れ時間"
-+#: src/config/SSSDConfig/sssdoptions.py:351
-+msgid "The Schema Type in use on the LDAP server, rfc2307"
-+msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307"
-
--#: src/tools/sssctl/sssctl_cache.c:650
--msgid "Search by group ID"
--msgstr "グループ ID で検索"
-+#: src/config/SSSDConfig/sssdoptions.py:352
-+msgid "Mode used to change user password"
-+msgstr "ユーザーのパスワードの変更にモードを使用しました"
-
--#: src/tools/sssctl/sssctl_config.c:70
--#, c-format
--msgid "Failed to open %s\n"
--msgstr "%s を開くことに失敗しました\n"
-+#: src/config/SSSDConfig/sssdoptions.py:353
-+msgid "The default bind DN"
-+msgstr "デフォルトのバインド DN"
-
--#: src/tools/sssctl/sssctl_config.c:75
--#, c-format
--msgid "File %1$s does not exist.\n"
--msgstr "ファイル %1$s は存在しません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:354
-+msgid "The type of the authentication token of the default bind DN"
-+msgstr "デフォルトのバインド DN の認証トークンの種類"
-
--#: src/tools/sssctl/sssctl_config.c:79
--msgid ""
--"File ownership and permissions check failed. Expected root:root and 0600.\n"
--msgstr ""
--"ファイルの所有権とパーミッションの確認に失敗しました。予期される root:root お"
--"よび 0600。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:355
-+msgid "The authentication token of the default bind DN"
-+msgstr "デフォルトのバインド DN の認証トークン"
-
--#: src/tools/sssctl/sssctl_config.c:85
--#, fuzzy, c-format
--msgid "Failed to load configuration from %s.\n"
--msgstr "%s からの設定のロードに失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:356
-+msgid "Length of time to attempt connection"
-+msgstr "接続を試行する時間"
-
--#: src/tools/sssctl/sssctl_config.c:91
--msgid "Error while reading configuration directory.\n"
--msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:357
-+msgid "Length of time to attempt synchronous LDAP operations"
-+msgstr "LDAP 同期操作を試行する時間"
-
--#: src/tools/sssctl/sssctl_config.c:99
--msgid ""
--"There is no configuration. SSSD will use default configuration with files "
--"provider.\n"
--msgstr ""
--"設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用しま"
--"す。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:358
-+msgid "Length of time between attempts to reconnect while offline"
-+msgstr "オフラインの間に再接続を試行する時間"
-
--#: src/tools/sssctl/sssctl_config.c:111
--msgid "Failed to run validators"
--msgstr "バリデーターの実行に失敗しました"
-+#: src/config/SSSDConfig/sssdoptions.py:359
-+msgid "Use only the upper case for realm names"
-+msgstr "レルム名に対して大文字のみを使用する"
-
--#: src/tools/sssctl/sssctl_config.c:115
--#, c-format
--msgid "Issues identified by validators: %zu\n"
--msgstr "バリデーターで特定された問題: %zu\n"
-+#: src/config/SSSDConfig/sssdoptions.py:360
-+msgid "File that contains CA certificates"
-+msgstr "CA 証明書を含むファイル"
-
--#: src/tools/sssctl/sssctl_config.c:126
--#, c-format
--msgid "Messages generated during configuration merging: %zu\n"
--msgstr "設定のマージ中に生成されたメッセージ: %zu\n"
-+#: src/config/SSSDConfig/sssdoptions.py:361
-+msgid "Path to CA certificate directory"
-+msgstr "CA 証明書のディレクトリーのパス"
-
--#: src/tools/sssctl/sssctl_config.c:137
--#, c-format
--msgid "Used configuration snippet files: %zu\n"
--msgstr "使用された設定スニペットファイル: %zu\n"
-+#: src/config/SSSDConfig/sssdoptions.py:362
-+msgid "File that contains the client certificate"
-+msgstr "クライアント証明書を含むファイル"
-
--#: src/tools/sssctl/sssctl_data.c:89
--#, c-format
--msgid "Unable to create backup directory [%d]: %s"
--msgstr "バックアップディレクトリー [%d] を作成できません: %s"
-+#: src/config/SSSDConfig/sssdoptions.py:363
-+msgid "File that contains the client key"
-+msgstr "クライアントの鍵を含むファイル"
-
--#: src/tools/sssctl/sssctl_data.c:95
--msgid "SSSD backup of local data already exists, override?"
--msgstr ""
--"ローカルデータの SSSD バックアップはすでに存在しますが、上書きしますか?"
-+#: src/config/SSSDConfig/sssdoptions.py:364
-+msgid "List of possible ciphers suites"
-+msgstr "利用可能な暗号の一覧"
-
--#: src/tools/sssctl/sssctl_data.c:111
--msgid "Unable to export user overrides\n"
--msgstr "ユーザーの上書きをエクスポートできません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:365
-+msgid "Require TLS certificate verification"
-+msgstr "TLS 証明書の検証を要求する"
-
--#: src/tools/sssctl/sssctl_data.c:118
--msgid "Unable to export group overrides\n"
--msgstr "グループの上書きをエクスポートできません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:366
-+msgid "Specify the sasl mechanism to use"
-+msgstr "使用する SASL メカニズムを指定する"
-
--#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
--msgid "Override existing backup"
--msgstr "既存のバックアップを上書き"
-+#: src/config/SSSDConfig/sssdoptions.py:367
-+msgid "Specify the sasl authorization id to use"
-+msgstr "使用する SASL 認可 ID を指定する"
-
--#: src/tools/sssctl/sssctl_data.c:164
--msgid "Unable to import user overrides\n"
--msgstr "ユーザーの上書きをインポートできません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:368
-+msgid "Specify the sasl authorization realm to use"
-+msgstr "使用する SASL 認可レルムを指定する"
-
--#: src/tools/sssctl/sssctl_data.c:173
--msgid "Unable to import group overrides\n"
--msgstr "グループの上書きをインポートできません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:369
-+msgid "Specify the minimal SSF for LDAP sasl authorization"
-+msgstr "LDAP SASL 認可の最小 SSF を指定する"
-
--#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
--#: src/tools/sssctl/sssctl_domains.c:328
--msgid "Start SSSD if it is not running"
--msgstr "実行中でない場合、SSSD を開始します"
-+#: src/config/SSSDConfig/sssdoptions.py:370
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "LDAP SASL 認可の最大 SSF を指定する"
-
--#: src/tools/sssctl/sssctl_data.c:195
--msgid "Restart SSSD after data import"
--msgstr "データのインポートの後、SSSD を再起動します"
-+#: src/config/SSSDConfig/sssdoptions.py:371
-+msgid "Kerberos service keytab"
-+msgstr "Kerberos サービスのキーテーブル"
-
--#: src/tools/sssctl/sssctl_data.c:218
--msgid "Create clean cache files and import local data"
--msgstr "クリーンなキャッシュファイルを作成し、ローカルデータをインポートします"
-+#: src/config/SSSDConfig/sssdoptions.py:372
-+msgid "Use Kerberos auth for LDAP connection"
-+msgstr "LDAP 接続に対して Kerberos 認証を使用する"
-
--#: src/tools/sssctl/sssctl_data.c:219
--msgid "Stop SSSD before removing the cache"
--msgstr "キャッシュを削除する前に SSSD を停止します"
-+#: src/config/SSSDConfig/sssdoptions.py:373
-+msgid "Follow LDAP referrals"
-+msgstr "LDAP リフェラルにしたがう"
-
--#: src/tools/sssctl/sssctl_data.c:220
--msgid "Start SSSD when the cache is removed"
--msgstr "キャッシュの削除後に SSSD を開始します"
-+#: src/config/SSSDConfig/sssdoptions.py:374
-+msgid "Lifetime of TGT for LDAP connection"
-+msgstr "LDAP 接続の TGT の有効期間"
-
--#: src/tools/sssctl/sssctl_data.c:235
--msgid "Creating backup of local data...\n"
--msgstr "ローカルデータのバックアップを作成中...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:375
-+msgid "How to dereference aliases"
-+msgstr "エイリアスを参照解決する方法"
-
--#: src/tools/sssctl/sssctl_data.c:238
--msgid "Unable to create backup of local data, can not remove the cache.\n"
--msgstr ""
--"ローカルデータのバックアップの作成ができません。キャッシュを削除できませ"
--"ん。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:376
-+msgid "Service name for DNS service lookups"
-+msgstr "DNS サービス検索のサービス名"
-
--#: src/tools/sssctl/sssctl_data.c:243
--msgid "Removing cache files...\n"
--msgstr "キャッシュファイルの削除中...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:377
-+msgid "The number of records to retrieve in a single LDAP query"
-+msgstr "単一の LDAP クエリーにおいて取得するレコード数"
-
--#: src/tools/sssctl/sssctl_data.c:246
--msgid "Unable to remove cache files\n"
--msgstr "キャッシュファイルを削除できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:378
-+msgid "The number of members that must be missing to trigger a full deref"
-+msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
-
--#: src/tools/sssctl/sssctl_data.c:251
--msgid "Restoring local data...\n"
--msgstr "ローカルデータの復元中...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:379
-+msgid ""
-+"Whether the LDAP library should perform a reverse lookup to canonicalize the "
-+"host name during a SASL bind"
-+msgstr "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行するかどうか"
-
--#: src/tools/sssctl/sssctl_domains.c:83
--msgid "Show domain list including primary or trusted domain type"
-+#: src/config/SSSDConfig/sssdoptions.py:381
-+msgid ""
-+"Allows to retain local users as members of an LDAP group for servers that "
-+"use the RFC2307 schema."
- msgstr ""
--"プライマリーまたは信頼されたドメインタイプを含むドメインリストを表示します"
-
--#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
--#: src/tools/sssctl/sssctl_user_checks.c:95
--msgid "Unable to connect to system bus!\n"
--msgstr "システムバスに接続できません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:384
-+msgid "entryUSN attribute"
-+msgstr "entryUSN 属性"
-
--#: src/tools/sssctl/sssctl_domains.c:167
--msgid "Online"
--msgstr "オンライン"
-+#: src/config/SSSDConfig/sssdoptions.py:385
-+msgid "lastUSN attribute"
-+msgstr "lastUSN 属性"
-
--#: src/tools/sssctl/sssctl_domains.c:167
--msgid "Offline"
--msgstr "オフライン"
-+#: src/config/SSSDConfig/sssdoptions.py:387
-+msgid ""
-+"How long to retain a connection to the LDAP server before disconnecting"
-+msgstr "LDAP サーバーを切断する前に接続を保持する時間"
-
--#: src/tools/sssctl/sssctl_domains.c:167
--#, c-format
--msgid "Online status: %s\n"
--msgstr "オンライン状態: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:390
-+msgid "Disable the LDAP paging control"
-+msgstr "LDAP ページング制御を無効化する"
-
--#: src/tools/sssctl/sssctl_domains.c:213
--msgid "This domain has no active servers.\n"
--msgstr "このドメインには、アクティブなサーバーはありません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:391
-+msgid "Disable Active Directory range retrieval"
-+msgstr "Active Directory 範囲の取得の無効化"
-
--#: src/tools/sssctl/sssctl_domains.c:218
--msgid "Active servers:\n"
--msgstr "アクティブサーバー:\n"
-+#: src/config/SSSDConfig/sssdoptions.py:394
-+msgid "Length of time to wait for a search request"
-+msgstr "検索要求を待つ時間"
-
--#: src/tools/sssctl/sssctl_domains.c:230
--msgid "not connected"
--msgstr "接続していません"
-+#: src/config/SSSDConfig/sssdoptions.py:395
-+msgid "Length of time to wait for a enumeration request"
-+msgstr "列挙の要求を待つ時間"
-
--#: src/tools/sssctl/sssctl_domains.c:267
--msgid "No servers discovered.\n"
--msgstr "サーバーが見つかりません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:396
-+msgid "Length of time between enumeration updates"
-+msgstr "列挙の更新間隔"
-
--#: src/tools/sssctl/sssctl_domains.c:273
--#, c-format
--msgid "Discovered %s servers:\n"
--msgstr "%s サーバーが見つかりました:\n"
-+#: src/config/SSSDConfig/sssdoptions.py:397
-+msgid "Length of time between cache cleanups"
-+msgstr "キャッシュをクリーンアップする間隔"
-
--#: src/tools/sssctl/sssctl_domains.c:285
--msgid "None so far.\n"
--msgstr "今のところありません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:398
-+msgid "Require TLS for ID lookups"
-+msgstr "ID 検索に TLS を要求する"
-
--#: src/tools/sssctl/sssctl_domains.c:325
--msgid "Show online status"
--msgstr "オンライン状態を表示"
-+#: src/config/SSSDConfig/sssdoptions.py:399
-+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
-+msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
-
--#: src/tools/sssctl/sssctl_domains.c:326
--msgid "Show information about active server"
--msgstr "アクティブサーバーに関する情報の表示"
-+#: src/config/SSSDConfig/sssdoptions.py:400
-+msgid "Base DN for user lookups"
-+msgstr "ユーザー検索のベース DN"
-
--#: src/tools/sssctl/sssctl_domains.c:327
--msgid "Show list of discovered servers"
--msgstr "見つかったサーバーに関する一覧を表示"
-+#: src/config/SSSDConfig/sssdoptions.py:401
-+msgid "Scope of user lookups"
-+msgstr "ユーザー検索の範囲"
-
--#: src/tools/sssctl/sssctl_domains.c:333
--msgid "Specify domain name."
--msgstr "ドメイン名を指定します。"
-+#: src/config/SSSDConfig/sssdoptions.py:402
-+msgid "Filter for user lookups"
-+msgstr "ユーザー検索のフィルター"
-
--#: src/tools/sssctl/sssctl_domains.c:355
--msgid "Out of memory!\n"
--msgstr "メモリーの空き容量がありません。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:403
-+msgid "Objectclass for users"
-+msgstr "ユーザーのオブジェクトクラス"
-
--#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
--msgid "Unable to get online status\n"
--msgstr "オンライン状態を取得できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:404
-+msgid "Username attribute"
-+msgstr "ユーザー名の属性"
-
--#: src/tools/sssctl/sssctl_domains.c:395
--msgid "Unable to get server list\n"
--msgstr "サーバー一覧を取得できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:405
-+msgid "UID attribute"
-+msgstr "UID の属性"
-
--#: src/tools/sssctl/sssctl_logs.c:46
--msgid "\n"
--msgstr "\n"
-+#: src/config/SSSDConfig/sssdoptions.py:406
-+msgid "Primary GID attribute"
-+msgstr "プライマリー GID の属性"
-
--#: src/tools/sssctl/sssctl_logs.c:236
--msgid "Delete log files instead of truncating"
--msgstr "切り捨てる代わりにログファイルを削除します"
-+#: src/config/SSSDConfig/sssdoptions.py:407
-+msgid "GECOS attribute"
-+msgstr "GECOS の属性"
-
--#: src/tools/sssctl/sssctl_logs.c:247
--msgid "Deleting log files...\n"
--msgstr "ログファイルを削除中...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:408
-+msgid "Home directory attribute"
-+msgstr "ホームディレクトリーの属性"
-
--#: src/tools/sssctl/sssctl_logs.c:250
--msgid "Unable to remove log files\n"
--msgstr "ログファイルを削除できません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:409
-+msgid "Shell attribute"
-+msgstr "シェルの属性"
-
--#: src/tools/sssctl/sssctl_logs.c:256
--msgid "Truncating log files...\n"
--msgstr "ログファイルを切り捨てます...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:410
-+msgid "UUID attribute"
-+msgstr "UUID 属性"
-
--#: src/tools/sssctl/sssctl_logs.c:259
--msgid "Unable to truncate log files\n"
--msgstr "ログファイルの切り捨てができません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:411
-+#: src/config/SSSDConfig/sssdoptions.py:449
-+msgid "objectSID attribute"
-+msgstr "objectSID 属性"
-
--#: src/tools/sssctl/sssctl_logs.c:285
--msgid "Out of memory!"
--msgstr "メモリーの空き容量がありません。"
-+#: src/config/SSSDConfig/sssdoptions.py:412
-+msgid "Active Directory primary group attribute for ID-mapping"
-+msgstr "ID マッピングの Active Directory プライマリーグループ属性"
-
--#: src/tools/sssctl/sssctl_logs.c:288
--#, c-format
--msgid "Archiving log files into %s...\n"
--msgstr "ログファイルを %s へアーカイブ中...\n"
-+#: src/config/SSSDConfig/sssdoptions.py:413
-+msgid "User principal attribute (for Kerberos)"
-+msgstr "ユーザープリンシパルの属性(Kerberos 用)"
-
--#: src/tools/sssctl/sssctl_logs.c:291
--msgid "Unable to archive log files\n"
--msgstr "ログファイルのアーカイブができません\n"
-+#: src/config/SSSDConfig/sssdoptions.py:414
-+msgid "Full Name"
-+msgstr "氏名"
-
--#: src/tools/sssctl/sssctl_logs.c:316
--msgid "Specify debug level you want to set"
--msgstr "設定したいデバッグレベルを指定します"
-+#: src/config/SSSDConfig/sssdoptions.py:415
-+msgid "memberOf attribute"
-+msgstr "memberOf 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:117
--msgid "SSSD InfoPipe user lookup result:\n"
--msgstr "SSSD InfoPipe ユーザー検索の結果:\n"
-+#: src/config/SSSDConfig/sssdoptions.py:416
-+msgid "Modification time attribute"
-+msgstr "変更日時の属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:167
--#, c-format
--msgid "dlopen failed with [%s].\n"
--msgstr "dlopen は [%s] で失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:417
-+msgid "shadowLastChange attribute"
-+msgstr "shadowLastChange 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:174
--#, c-format
--msgid "dlsym failed with [%s].\n"
--msgstr "dlsym は [%s] で失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:418
-+msgid "shadowMin attribute"
-+msgstr "shadowMin 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:182
--msgid "malloc failed.\n"
--msgstr "malloc は失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:419
-+msgid "shadowMax attribute"
-+msgstr "shadowMax 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:189
--#, c-format
--msgid "sss_getpwnam_r failed with [%d].\n"
--msgstr "sss_getpwnam_r が [%d] で失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:420
-+msgid "shadowWarning attribute"
-+msgstr "shadowWarning 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:194
--msgid "SSSD nss user lookup result:\n"
--msgstr "SSSD nss ユーザー検索の結果:\n"
-+#: src/config/SSSDConfig/sssdoptions.py:421
-+msgid "shadowInactive attribute"
-+msgstr "shadowInactive 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:195
--#, c-format
--msgid " - user name: %s\n"
--msgstr " - user name: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:422
-+msgid "shadowExpire attribute"
-+msgstr "shadowExpire 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:196
--#, c-format
--msgid " - user id: %d\n"
--msgstr " - user id: %d\n"
-+#: src/config/SSSDConfig/sssdoptions.py:423
-+msgid "shadowFlag attribute"
-+msgstr "shadowFlag 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:197
--#, c-format
--msgid " - group id: %d\n"
--msgstr " - group id: %d\n"
-+#: src/config/SSSDConfig/sssdoptions.py:424
-+msgid "Attribute listing authorized PAM services"
-+msgstr "認可された PAM サービスを一覧化する属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:198
--#, c-format
--msgid " - gecos: %s\n"
--msgstr " - gecos: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:425
-+msgid "Attribute listing authorized server hosts"
-+msgstr "認可されたサーバーホストを一覧化する属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:199
--#, c-format
--msgid " - home directory: %s\n"
--msgstr " - home directory: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:426
-+msgid "Attribute listing authorized server rhosts"
-+msgstr "認可されたサーバー rhosts を一覧化する属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:200
--#, c-format
--msgid ""
--" - shell: %s\n"
--"\n"
--msgstr ""
--" - shell: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:427
-+msgid "krbLastPwdChange attribute"
-+msgstr "krbLastPwdChange 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:232
--msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
--msgstr "PAM アクション [auth|acct|setc|chau|open|clos]、デフォルト: "
-+#: src/config/SSSDConfig/sssdoptions.py:428
-+msgid "krbPasswordExpiration attribute"
-+msgstr "krbPasswordExpiration 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:235
--msgid "PAM service, default: "
--msgstr "PAM サービス、デフォルト: "
-+#: src/config/SSSDConfig/sssdoptions.py:429
-+msgid "Attribute indicating that server side password policies are active"
-+msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:240
--msgid "Specify user name."
--msgstr "ユーザー名を指定します。"
-+#: src/config/SSSDConfig/sssdoptions.py:430
-+msgid "accountExpires attribute of AD"
-+msgstr "AD の accountExpires 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:247
--#, c-format
--msgid ""
--"user: %s\n"
--"action: %s\n"
--"service: %s\n"
--"\n"
--msgstr ""
--"ユーザー: %s\n"
--"アクション: %s\n"
--"サービス: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:431
-+msgid "userAccountControl attribute of AD"
-+msgstr "AD の userAccountControl 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:252
--#, c-format
--msgid "User name lookup with [%s] failed.\n"
--msgstr "[%s] でのユーザー名の検索に失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:432
-+msgid "nsAccountLock attribute"
-+msgstr "nsAccountLock 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:257
--#, c-format
--msgid "InfoPipe User lookup with [%s] failed.\n"
--msgstr "[%s] での InfoPipe ユーザーの検索に失敗しました。\n"
-+#: src/config/SSSDConfig/sssdoptions.py:433
-+msgid "loginDisabled attribute of NDS"
-+msgstr "NDS の loginDisabled 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:263
--#, c-format
--msgid "pam_start failed: %s\n"
--msgstr "pam_start に失敗しました: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:434
-+msgid "loginExpirationTime attribute of NDS"
-+msgstr "NDS の loginExpirationTime 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:268
--msgid ""
--"testing pam_authenticate\n"
--"\n"
--msgstr ""
--"pam_authenticate のテスト中\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:435
-+msgid "loginAllowedTimeMap attribute of NDS"
-+msgstr "NDS の loginAllowedTimeMap 属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:272
--#, c-format
--msgid "pam_get_item failed: %s\n"
--msgstr "pam_get_item に失敗しました: %s\n"
-+#: src/config/SSSDConfig/sssdoptions.py:436
-+msgid "SSH public key attribute"
-+msgstr "SSH 公開鍵の属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:275
--#, c-format
--msgid ""
--"pam_authenticate for user [%s]: %s\n"
--"\n"
--msgstr ""
--"ユーザー [%s] 向けの pam_authenticate: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:437
-+msgid "attribute listing allowed authentication types for a user"
-+msgstr "ユーザー用に許可された認証タイプを一覧化する属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:278
--msgid ""
--"testing pam_chauthtok\n"
--"\n"
--msgstr ""
--"pam_chauthtok のテスト中\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:438
-+msgid "attribute containing the X509 certificate of the user"
-+msgstr "ユーザーの X509 証明書を含む属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:280
--#, c-format
--msgid ""
--"pam_chauthtok: %s\n"
--"\n"
--msgstr ""
--"pam_chauthtok: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:439
-+msgid "attribute containing the email address of the user"
-+msgstr "ユーザーの電子メールアドレスを含む属性"
-
--#: src/tools/sssctl/sssctl_user_checks.c:282
--msgid ""
--"testing pam_acct_mgmt\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:440
-+msgid "A list of extra attributes to download along with the user entry"
-+msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:442
-+msgid "Base DN for group lookups"
-+msgstr "グループ検索のベース DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:443
-+msgid "Objectclass for groups"
-+msgstr "グループのオブジェクトクラス"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:444
-+msgid "Group name"
-+msgstr "グループ名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:445
-+msgid "Group password"
-+msgstr "グループのパスワード"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:446
-+msgid "GID attribute"
-+msgstr "GID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:447
-+msgid "Group member attribute"
-+msgstr "グループメンバー属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:448
-+msgid "Group UUID attribute"
-+msgstr "グループ UUID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:450
-+msgid "Modification time attribute for groups"
-+msgstr "グループの変更日時の属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:451
-+msgid "Type of the group and other flags"
-+msgstr "グループおよび他のフラグのタイプ"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:452
-+msgid "The LDAP group external member attribute"
-+msgstr "LDAP グループの外部メンバーの属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:453
-+msgid "Maximum nesting level SSSD will follow"
-+msgstr "SSSD が従う最大ネストレベル"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:454
-+msgid "Filter for group lookups"
- msgstr ""
--"pam_acct_mgmt のテスト中\n"
--"\n"
-
--#: src/tools/sssctl/sssctl_user_checks.c:284
--#, c-format
--msgid ""
--"pam_acct_mgmt: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:455
-+msgid "Scope of group lookups"
- msgstr ""
--"pam_acct_mgmt: %s\n"
--"\n"
-
--#: src/tools/sssctl/sssctl_user_checks.c:286
--msgid ""
--"testing pam_setcred\n"
--"\n"
--msgstr ""
--"pam_setcred のテスト中\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:457
-+msgid "Base DN for netgroup lookups"
-+msgstr "ネットグループ検索のベース DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:458
-+msgid "Objectclass for netgroups"
-+msgstr "ネットグループのオブジェクトクラス"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:459
-+msgid "Netgroup name"
-+msgstr "ネットグループ名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:460
-+msgid "Netgroups members attribute"
-+msgstr "ネットグループメンバーの属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:461
-+msgid "Netgroup triple attribute"
-+msgstr "ネットグループの三つ組の属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:462
-+msgid "Modification time attribute for netgroups"
-+msgstr "ネットグループの変更日時の属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:464
-+msgid "Base DN for service lookups"
-+msgstr "サービス検索のベース DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:465
-+msgid "Objectclass for services"
-+msgstr "サービスのオブジェクトクラス"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:466
-+msgid "Service name attribute"
-+msgstr "サービス名の属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:467
-+msgid "Service port attribute"
-+msgstr "サービスポートの属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:468
-+msgid "Service protocol attribute"
-+msgstr "サービスプロトコルの属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:470
-+msgid "Lower bound for ID-mapping"
-+msgstr "ID マッピングの下限"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:471
-+msgid "Upper bound for ID-mapping"
-+msgstr "ID マッピングの上限"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:472
-+msgid "Number of IDs for each slice when ID-mapping"
-+msgstr "ID マッピングするとき、各スライスに対する ID の数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:473
-+msgid "Use autorid-compatible algorithm for ID-mapping"
-+msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:474
-+msgid "Name of the default domain for ID-mapping"
-+msgstr "ID マッピングに対するデフォルトドメインの名前"
-
--#: src/tools/sssctl/sssctl_user_checks.c:288
--#, c-format
--msgid ""
--"pam_setcred: [%s]\n"
--"\n"
--msgstr ""
--"pam_setcred: [%s]\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:475
-+msgid "SID of the default domain for ID-mapping"
-+msgstr "ID マッピングに対するデフォルトドメインの SID"
-
--#: src/tools/sssctl/sssctl_user_checks.c:290
--msgid ""
--"testing pam_open_session\n"
--"\n"
--msgstr ""
--"pam_open_session のテスト中\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:476
-+msgid "Number of secondary slices"
-+msgstr "セカンダリースライスの数"
-
--#: src/tools/sssctl/sssctl_user_checks.c:292
--#, c-format
--msgid ""
--"pam_open_session: %s\n"
--"\n"
--msgstr ""
--"pam_open_session: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:478
-+msgid "Whether to use Token-Groups"
-+msgstr "Token-Group を使うかどうか"
-
--#: src/tools/sssctl/sssctl_user_checks.c:294
--msgid ""
--"testing pam_close_session\n"
--"\n"
--msgstr ""
--"pam_close_session のテスト中\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:479
-+msgid "Set lower boundary for allowed IDs from the LDAP server"
-+msgstr "LDAP サーバーから許可される ID の下限の設定"
-
--#: src/tools/sssctl/sssctl_user_checks.c:296
--#, c-format
--msgid ""
--"pam_close_session: %s\n"
--"\n"
--msgstr ""
--"pam_close_session: %s\n"
--"\n"
-+#: src/config/SSSDConfig/sssdoptions.py:480
-+msgid "Set upper boundary for allowed IDs from the LDAP server"
-+msgstr "LDAP サーバーから許可される ID の上限の設定"
-
--#: src/tools/sssctl/sssctl_user_checks.c:298
--msgid "unknown action\n"
--msgstr "不明なアクション\n"
-+#: src/config/SSSDConfig/sssdoptions.py:481
-+msgid "DN for ppolicy queries"
-+msgstr "ppolicy クエリーの DN"
-
--#: src/tools/sssctl/sssctl_user_checks.c:301
--msgid "PAM Environment:\n"
--msgstr "PAM 環境:\n"
-+#: src/config/SSSDConfig/sssdoptions.py:482
-+msgid "How many maximum entries to fetch during a wildcard request"
-+msgstr "ワイルドカードの要求の間に取得する最大エントリーの数"
-
--#: src/tools/sssctl/sssctl_user_checks.c:309
--msgid " - no env -\n"
--msgstr " - no env -\n"
-+#: src/config/SSSDConfig/sssdoptions.py:485
-+msgid "Policy to evaluate the password expiration"
-+msgstr "パスワード失効の評価のポリシー"
-
--#: src/util/util.h:82
--msgid "The user ID to run the server as"
--msgstr "次のようにサーバーを実行するユーザー ID"
-+#: src/config/SSSDConfig/sssdoptions.py:489
-+msgid "Which attributes shall be used to evaluate if an account is expired"
-+msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
-
--#: src/util/util.h:84
--msgid "The group ID to run the server as"
--msgstr "次のようにサーバーを実行するグループ ID"
-+#: src/config/SSSDConfig/sssdoptions.py:490
-+msgid "Which rules should be used to evaluate access control"
-+msgstr "どのルールがアクセス制御を評価するために使用されるか"
-
--#: src/util/util.h:92
--msgid "Informs that the responder has been socket-activated"
--msgstr "レスポンダーがソケットでアクティベートされたと知らせます"
-+#: src/config/SSSDConfig/sssdoptions.py:493
-+msgid "URI of an LDAP server where password changes are allowed"
-+msgstr "パスワードの変更が許可される LDAP サーバーの URI"
-
--#: src/util/util.h:94
--msgid "Informs that the responder has been dbus-activated"
--msgstr "レスポンダーが dbus でアクティベートされたと知らせます"
-+#: src/config/SSSDConfig/sssdoptions.py:494
-+msgid "URI of a backup LDAP server where password changes are allowed"
-+msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
-
--#~ msgid "Set the verbosity of the debug logging"
--#~ msgstr "デバッグのロギングの冗長性を設定する"
-+#: src/config/SSSDConfig/sssdoptions.py:495
-+msgid "DNS service name for LDAP password change server"
-+msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
-
--#~ msgid "Include timestamps in debug logs"
--#~ msgstr "デバッグログにタイムスタンプを含める"
-+#: src/config/SSSDConfig/sssdoptions.py:496
-+msgid ""
-+"Whether to update the ldap_user_shadow_last_change attribute after a "
-+"password change"
-+msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
-
--#~ msgid "Include microseconds in timestamps in debug logs"
--#~ msgstr "デバッグログにミリ秒単位のタイムスタンプを含める"
-+#: src/config/SSSDConfig/sssdoptions.py:500
-+msgid "Base DN for sudo rules lookups"
-+msgstr "sudo ルール検索のベース DN"
-
--#~ msgid "Write debug messages to logfiles"
--#~ msgstr "デバッグメッセージをログファイルに書き込む"
-+#: src/config/SSSDConfig/sssdoptions.py:501
-+msgid "Automatic full refresh period"
-+msgstr "自動的な完全更新間隔"
-
--#~ msgid "Watchdog timeout before restarting service"
--#~ msgstr "サービス再起動前の Watchdog タイムアウト"
-+#: src/config/SSSDConfig/sssdoptions.py:502
-+msgid "Automatic smart refresh period"
-+msgstr "自動的なスマート更新間隔"
-
--#~ msgid "Command to start service"
--#~ msgstr "サービス開始のコマンド"
-+#: src/config/SSSDConfig/sssdoptions.py:503
-+msgid "Whether to filter rules by hostname, IP addresses and network"
-+msgstr "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどうか"
-
--#~ msgid "Number of times to attempt connection to Data Providers"
--#~ msgstr "データプロバイダーの接続を試行する回数"
-+#: src/config/SSSDConfig/sssdoptions.py:504
-+msgid ""
-+"Hostnames and/or fully qualified domain names of this machine to filter sudo "
-+"rules"
-+msgstr "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン名"
-
--#~ msgid "The number of file descriptors that may be opened by this responder"
--#~ msgstr "このレスポンダーににより開かれるファイル記述子の数"
-+#: src/config/SSSDConfig/sssdoptions.py:505
-+msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
-+msgstr "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネットワーク"
-
--#~ msgid "Idle time before automatic disconnection of a client"
--#~ msgstr "クライアントの自動切断までのアイドル時間"
-+#: src/config/SSSDConfig/sssdoptions.py:506
-+msgid "Whether to include rules that contains netgroup in host attribute"
-+msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
-
--#~ msgid "Idle time before automatic shutdown of the responder"
--#~ msgstr "レスポンダーの自動シャットダウンまでのアイドル時間"
-+#: src/config/SSSDConfig/sssdoptions.py:507
-+msgid ""
-+"Whether to include rules that contains regular expression in host attribute"
-+msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
-
--#~ msgid "Always query all the caches before querying the Data Providers"
--#~ msgstr ""
--#~ "データプロバイダーをクエリーする前に、常にすべてのキャッシュをクエリーしま"
--#~ "す"
-+#: src/config/SSSDConfig/sssdoptions.py:508
-+msgid "Object class for sudo rules"
-+msgstr "sudo ルールのオブジェクトクラス"
-
--#~ msgid "SSSD Services to start"
--#~ msgstr "開始する SSSD サービス"
-+#: src/config/SSSDConfig/sssdoptions.py:509
-+msgid "Name of attribute that is used as object class for sudo rules"
-+msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前"
-
--#~ msgid "SSSD Domains to start"
--#~ msgstr "開始する SSSD ドメイン"
-+#: src/config/SSSDConfig/sssdoptions.py:510
-+msgid "Sudo rule name"
-+msgstr "sudo ルール名"
-
--#~ msgid "Timeout for messages sent over the SBUS"
--#~ msgstr "SBUS 経由のメッセージ送信のタイムアウト"
-+#: src/config/SSSDConfig/sssdoptions.py:511
-+msgid "Sudo rule command attribute"
-+msgstr "sudo ルールのコマンドの属性"
-
--#~ msgid "Regex to parse username and domain"
--#~ msgstr "ユーザー名とドメインを構文解析する正規表現"
-+#: src/config/SSSDConfig/sssdoptions.py:512
-+msgid "Sudo rule host attribute"
-+msgstr "sudo ルールのホストの属性"
-
--#~ msgid "Printf-compatible format for displaying fully-qualified names"
--#~ msgstr "完全修飾名を表示するための printf 互換の形式"
-+#: src/config/SSSDConfig/sssdoptions.py:513
-+msgid "Sudo rule user attribute"
-+msgstr "sudo ルールのユーザーの属性"
-
--#~ msgid ""
--#~ "Directory on the filesystem where SSSD should store Kerberos replay cache "
--#~ "files."
--#~ msgstr ""
--#~ "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムの"
--#~ "ディレクトリーです。"
-+#: src/config/SSSDConfig/sssdoptions.py:514
-+msgid "Sudo rule option attribute"
-+msgstr "sudo ルールのオプションの属性"
-
--#~ msgid "Domain to add to names without a domain component."
--#~ msgstr "domain 要素なしで追加するドメインの名前。"
-+#: src/config/SSSDConfig/sssdoptions.py:515
-+msgid "Sudo rule runas attribute"
-+msgstr "sudo ルールの runas の属性"
-
--#~ msgid "The user to drop privileges to"
--#~ msgstr "ユーザーが特権を停止します"
-+#: src/config/SSSDConfig/sssdoptions.py:516
-+msgid "Sudo rule runasuser attribute"
-+msgstr "sudo ルールの runasuser の属性"
-
--#~ msgid "Tune certificate verification"
--#~ msgstr "証明書検証の調整"
-+#: src/config/SSSDConfig/sssdoptions.py:517
-+msgid "Sudo rule runasgroup attribute"
-+msgstr "sudo ルールの runasgroup の属性"
-
--#~ msgid ""
--#~ "All spaces in group or user names will be replaced with this character"
--#~ msgstr ""
--#~ "グループ名またはユーザー名のすべてのスペースは、この文字に置き換えられます"
-+#: src/config/SSSDConfig/sssdoptions.py:518
-+msgid "Sudo rule notbefore attribute"
-+msgstr "sudo ルールの notbefore の属性"
-
--#~ msgid "Tune sssd to honor or ignore netlink state changes"
--#~ msgstr "SSSD を調整し、netlink の状態変更を尊重するか、または無視します"
-+#: src/config/SSSDConfig/sssdoptions.py:519
-+msgid "Sudo rule notafter attribute"
-+msgstr "sudo ルールの notafter の属性"
-
--#~ msgid "Enable or disable the implicit files domain"
--#~ msgstr "暗黙のファイルドメインを有効化または無効化する"
-+#: src/config/SSSDConfig/sssdoptions.py:520
-+msgid "Sudo rule order attribute"
-+msgstr "sudo ルールの order の属性"
-
--#~ msgid "A specific order of the domains to be looked up"
--#~ msgstr "検索するドメインの特定の順番"
-+#: src/config/SSSDConfig/sssdoptions.py:523
-+msgid "Object class for automounter maps"
-+msgstr "automounter マップのオブジェクトクラス"
-
--#~ msgid "Enumeration cache timeout length (seconds)"
--#~ msgstr "列挙キャッシュのタイムアウト(秒)"
-+#: src/config/SSSDConfig/sssdoptions.py:524
-+msgid "Automounter map name attribute"
-+msgstr "オートマウントのマップ名の属性"
-
--#~ msgid "Entry cache background update timeout length (seconds)"
--#~ msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
-+#: src/config/SSSDConfig/sssdoptions.py:525
-+msgid "Object class for automounter map entries"
-+msgstr "automounter マップエントリーのオブジェクトクラス"
-
--#~ msgid "Negative cache timeout length (seconds)"
--#~ msgstr "ネガティブキャッシュのタイムアウト(秒)"
-+#: src/config/SSSDConfig/sssdoptions.py:526
-+msgid "Automounter map entry key attribute"
-+msgstr "automounter マップエントリーの鍵属性"
-
--#~ msgid "Files negative cache timeout length (seconds)"
--#~ msgstr "ファイルネガティブキャッシュのタイムアウト時間(秒)"
-+#: src/config/SSSDConfig/sssdoptions.py:527
-+msgid "Automounter map entry value attribute"
-+msgstr "automounter マップエントリーの値属性"
-
--#~ msgid "Users that SSSD should explicitly ignore"
--#~ msgstr "SSSD が明示的に無視するユーザー"
-+#: src/config/SSSDConfig/sssdoptions.py:528
-+msgid "Base DN for automounter map lookups"
-+msgstr "automonter のマップ検索のベース DN"
-
--#~ msgid "Groups that SSSD should explicitly ignore"
--#~ msgstr "SSSD が明示的に無視するグループ"
-+#: src/config/SSSDConfig/sssdoptions.py:529
-+msgid "The name of the automount master map in LDAP."
-+msgstr ""
-
--#~ msgid "Should filtered users appear in groups"
--#~ msgstr "フィルターされたユーザーをグループに表示する"
-+#: src/config/SSSDConfig/sssdoptions.py:532
-+msgid "Base DN for IP hosts lookups"
-+msgstr ""
-
--#~ msgid "The value of the password field the NSS provider should return"
--#~ msgstr "NSS プロバイダーが返すパスワード項目の値"
-+#: src/config/SSSDConfig/sssdoptions.py:533
-+msgid "Object class for IP hosts"
-+msgstr ""
-
--#~ msgid "Override homedir value from the identity provider with this value"
--#~ msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
-+#: src/config/SSSDConfig/sssdoptions.py:534
-+msgid "IP host name attribute"
-+msgstr ""
-
--#~ msgid ""
--#~ "Substitute empty homedir value from the identity provider with this value"
--#~ msgstr ""
--#~ "アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き"
--#~ "換えます"
-+#: src/config/SSSDConfig/sssdoptions.py:535
-+msgid "IP host number (address) attribute"
-+msgstr ""
-
--#~ msgid "Override shell value from the identity provider with this value"
--#~ msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします"
-+#: src/config/SSSDConfig/sssdoptions.py:536
-+msgid "IP host entryUSN attribute"
-+msgstr ""
-
--#~ msgid "The list of shells users are allowed to log in with"
--#~ msgstr "ユーザーがログインを許可されるシェルの一覧"
-+#: src/config/SSSDConfig/sssdoptions.py:537
-+msgid "Base DN for IP networks lookups"
-+msgstr ""
-
--#~ msgid ""
--#~ "The list of shells that will be vetoed, and replaced with the fallback "
--#~ "shell"
--#~ msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
-+#: src/config/SSSDConfig/sssdoptions.py:538
-+msgid "Object class for IP networks"
-+msgstr ""
-
--#~ msgid ""
--#~ "If a shell stored in central directory is allowed but not available, use "
--#~ "this fallback"
--#~ msgstr ""
--#~ "中央ディレクトリーに保存されたシェルが許可されるが、利用できない場合、この"
--#~ "フォールバックを使用する"
-+#: src/config/SSSDConfig/sssdoptions.py:539
-+msgid "IP network name attribute"
-+msgstr ""
-
--#~ msgid "Shell to use if the provider does not list one"
--#~ msgstr "プロバイダーが一覧に持っていないとき使用するシェル"
-+#: src/config/SSSDConfig/sssdoptions.py:540
-+msgid "IP network number (address) attribute"
-+msgstr ""
-
--#~ msgid "How long will be in-memory cache records valid"
--#~ msgstr "メモリー内のキャッシュレコードが有効な期間"
-+#: src/config/SSSDConfig/sssdoptions.py:541
-+msgid "IP network entryUSN attribute"
-+msgstr ""
-
--#~ msgid "List of user attributes the NSS responder is allowed to publish"
--#~ msgstr "NSS レスポンダーがパブリッシュを許可されたユーザー属性の一覧"
-+#: src/config/SSSDConfig/sssdoptions.py:544
-+msgid "Comma separated list of allowed users"
-+msgstr "許可ユーザーのカンマ区切り一覧"
-
--#~ msgid "How long to allow cached logins between online logins (days)"
--#~ msgstr ""
--#~ "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
-+#: src/config/SSSDConfig/sssdoptions.py:545
-+msgid "Comma separated list of prohibited users"
-+msgstr "禁止ユーザーのカンマ区切り一覧"
-
--#~ msgid "How many failed logins attempts are allowed when offline"
--#~ msgstr "オフラインの時に許容されるログイン試行失敗回数"
-+#: src/config/SSSDConfig/sssdoptions.py:546
-+msgid ""
-+"Comma separated list of groups that are allowed to log in. This applies only "
-+"to groups within this SSSD domain. Local groups are not evaluated."
-+msgstr ""
-+"Comma separated list of groups that are allowed to log in. This applies only "
-+"to groups within this SSSD domain. Local groups are not evaluated."
-
--#~ msgid ""
--#~ "How long (minutes) to deny login after offline_failed_login_attempts has "
--#~ "been reached"
--#~ msgstr ""
--#~ "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
-+#: src/config/SSSDConfig/sssdoptions.py:548
-+msgid ""
-+"Comma separated list of groups that are explicitly denied access. This "
-+"applies only to groups within this SSSD domain. Local groups are not "
-+"evaluated."
-+msgstr ""
-+"Comma separated list of groups that are explicitly denied access. This "
-+"applies only to groups within this SSSD domain. Local groups are not "
-+"evaluated."
-
--#~ msgid ""
--#~ "What kind of messages are displayed to the user during authentication"
--#~ msgstr "認証中にユーザーに表示されるメッセージの種類"
-+#: src/config/SSSDConfig/sssdoptions.py:552
-+msgid "Base for home directories"
-+msgstr "ホームディレクトリーのベース"
-
--#~ msgid "Filter PAM responses sent to the pam_sss"
--#~ msgstr "pam_sss へ送信された PAM のレスポンスをフィルタリングします"
-+#: src/config/SSSDConfig/sssdoptions.py:553
-+msgid "Indicate if a home directory should be created for new users."
-+msgstr ""
-
--#~ msgid ""
--#~ "How many seconds to keep identity information cached for PAM requests"
--#~ msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
-+#: src/config/SSSDConfig/sssdoptions.py:554
-+msgid "Indicate if a home directory should be removed for deleted users."
-+msgstr ""
-
--#~ msgid ""
--#~ "How many days before password expiration a warning should be displayed"
--#~ msgstr "警告が表示されるパスワード失効前の日数"
-+#: src/config/SSSDConfig/sssdoptions.py:555
-+msgid "Specify the default permissions on a newly created home directory."
-+msgstr ""
-
--#~ msgid "List of trusted uids or user's name"
--#~ msgstr "信頼できる UID またはユーザー名の一覧"
-+#: src/config/SSSDConfig/sssdoptions.py:556
-+msgid "The skeleton directory."
-+msgstr ""
-
--#~ msgid "List of domains accessible even for untrusted users."
--#~ msgstr "信頼できないユーザーでさえアクセス可能なドメインの一覧。"
-+#: src/config/SSSDConfig/sssdoptions.py:557
-+msgid "The mail spool directory."
-+msgstr ""
-
--#~ msgid "Message printed when user account is expired."
--#~ msgstr "ユーザーアカウントの有効期限が切れると、メッセージが印刷されます。"
-+#: src/config/SSSDConfig/sssdoptions.py:558
-+msgid "The command that is run after a user is removed."
-+msgstr ""
-
--#~ msgid "Message printed when user account is locked."
--#~ msgstr "ユーザーアカウントがロックされると、メッセージが印刷されます。"
-+#: src/config/SSSDConfig/sssdoptions.py:561
-+msgid "The number of preforked proxy children."
-+msgstr "事前にフォークされた子プロキシーの数。"
-
--#~ msgid "Allow certificate based/Smartcard authentication."
--#~ msgstr "証明書ベースまたはスマートカードによる認証を許可します。"
-+#: src/config/SSSDConfig/sssdoptions.py:564
-+msgid "The name of the NSS library to use"
-+msgstr "使用する NSS ライブラリーの名前"
-
--#~ msgid "Path to certificate database with PKCS#11 modules."
--#~ msgstr "PKCS#11 モジュールでの証明書データベースへのパス。"
-+#: src/config/SSSDConfig/sssdoptions.py:565
-+msgid "The name of the NSS library to use for hosts and networks lookups"
-+msgstr ""
-
--#~ msgid "How many seconds will pam_sss wait for p11_child to finish"
--#~ msgstr "p11_child が完了するまでに pam_sss が待つ秒数"
-+#: src/config/SSSDConfig/sssdoptions.py:566
-+msgid "Whether to look up canonical group name from cache if possible"
-+msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
-
--#~ msgid "Which PAM services are permitted to contact application domains"
--#~ msgstr "アプリケーションドメインへの接続を許可される PAM サービスはどれか"
-+#: src/config/SSSDConfig/sssdoptions.py:569
-+msgid "PAM stack to use"
-+msgstr "使用する PAM スタック"
-
--#~ msgid "Allowed services for using smartcards"
--#~ msgstr "スマートカードの使用が許可されたサービス"
-+#: src/config/SSSDConfig/sssdoptions.py:572
-+msgid "Path of passwd file sources."
-+msgstr "passwd ファイルソースへのパス"
-
--#~ msgid "Additional timeout to wait for a card if requested"
--#~ msgstr "要求された場合に、カードが待つ追加のタイムアウト"
-+#: src/config/SSSDConfig/sssdoptions.py:573
-+msgid "Path of group file sources."
-+msgstr "グループファイルソースへのパス"
-
--#~ msgid ""
--#~ "PKCS#11 URI to restrict the selection of devices for Smartcard "
--#~ "authentication"
--#~ msgstr "スマートカード認証向けのデバイスの選択を PKCS#11 URI が制限"
-+#: src/monitor/monitor.c:2371
-+msgid "Become a daemon (default)"
-+msgstr "デーモンとして実行(デフォルト)"
-
--#~ msgid "Whether to evaluate the time-based attributes in sudo rules"
--#~ msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
-+#: src/monitor/monitor.c:2373
-+msgid "Run interactive (not a daemon)"
-+msgstr "対話的に実行(デーモンではない)"
-
--#~ msgid "If true, SSSD will switch back to lower-wins ordering logic"
--#~ msgstr ""
--#~ "正しい場合、SSSD は小さい番号が優先される順位付けのロジックへ戻ります"
-+#: src/monitor/monitor.c:2376
-+msgid "Disable netlink interface"
-+msgstr "netlink インターフェースを無効にする"
-
--#~ msgid ""
--#~ "Maximum number of rules that can be refreshed at once. If this is "
--#~ "exceeded, full refresh is performed."
--#~ msgstr ""
--#~ "一度にリフレッシュ可能なルールの最大数。最大数を超えると、フルリフレッシュ"
--#~ "が実行されます。"
-+#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
-+#: src/tools/sssctl/sssctl_logs.c:310
-+msgid "Specify a non-default config file"
-+msgstr "非標準の設定ファイルの指定"
-
--#~ msgid "Whether to hash host names and addresses in the known_hosts file"
--#~ msgstr ""
--#~ "known_hosts ファイルにおいてホスト名とアドレスをハッシュ化するかどうか"
-+#: src/monitor/monitor.c:2380
-+msgid "Refresh the configuration database, then exit"
-+msgstr "設定データベースをリフレッシュし、その後終了します"
-
--#~ msgid ""
--#~ "How many seconds to keep a host in the known_hosts file after its host "
--#~ "keys were requested"
--#~ msgstr "ホスト鍵が要求された後 known_hosts ファイルにホストを保持する秒数"
-+#: src/monitor/monitor.c:2383
-+msgid "Similar to --genconf, but only refreshes the given section"
-+msgstr "--genconf と似ていますが、任意のセクションのみをリフレッシュします"
-
--#~ msgid "Path to storage of trusted CA certificates"
--#~ msgstr "信頼された CA 証明書のストレージへのパス"
-+#: src/monitor/monitor.c:2386
-+msgid "Print version number and exit"
-+msgstr "バージョン番号を表示して終了する"
-
--#~ msgid "Allow to generate ssh-keys from certificates"
--#~ msgstr "証明書からの ssh-key の生成を許可します"
-+#: src/monitor/monitor.c:2532
-+msgid "SSSD is already running\n"
-+msgstr "SSSD はすでに実行中です\n"
-
--#~ msgid ""
--#~ "Use the following matching rules to filter the certificates for ssh-key "
--#~ "generation"
--#~ msgstr ""
--#~ "以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングしま"
--#~ "す"
-+#: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
-+msgid "Debug level"
-+msgstr "デバッグレベル"
-
--#~ msgid "List of UIDs or user names allowed to access the PAC responder"
--#~ msgstr "PAC レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
-+#: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
-+msgid "Add debug timestamps"
-+msgstr "デバッグのタイムスタンプを追加する"
-
--#~ msgid "How long the PAC data is considered valid"
--#~ msgstr "PAC データが有効とされる期間"
-+#: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
-+msgid "Show timestamps with microseconds"
-+msgstr "タイムスタンプをミリ秒単位で表示する"
-
--#~ msgid "List of UIDs or user names allowed to access the InfoPipe responder"
--#~ msgstr ""
--#~ "InfoPipe レスポンダーへのアクセスが許可された UID またはユーザー名の一覧"
-+#: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
-+msgid "An open file descriptor for the debug logs"
-+msgstr "デバッグログのオープンファイルディスクリプター"
-
--#~ msgid "List of user attributes the InfoPipe is allowed to publish"
--#~ msgstr "InfoPipe がパブリッシュを許可されたユーザー属性の一覧"
-+#: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
-+msgid "Send the debug output to stderr directly."
-+msgstr "デバッグ出力を stderr に直接送信します。"
-
--#~ msgid "The provider where the secrets will be stored in"
--#~ msgstr "シークレットが保存されるプロバイダー"
-+#: src/providers/krb5/krb5_child.c:3245
-+msgid "The user to create FAST ccache as"
-+msgstr "次のように FAST ccache を作成するユーザー"
-
--#~ msgid "The maximum allowed number of nested containers"
--#~ msgstr "ネストされたコンテナーの最大許可数"
-+#: src/providers/krb5/krb5_child.c:3247
-+msgid "The group to create FAST ccache as"
-+msgstr "次のように FAST ccache を作成するグループ"
-
--#~ msgid "The maximum number of secrets that can be stored"
--#~ msgstr "保存可能なシークレットの最大数"
-+#: src/providers/krb5/krb5_child.c:3249
-+msgid "Kerberos realm to use"
-+msgstr "使用する Kerberos レルム"
-
--#~ msgid "The maximum number of secrets that can be stored per UID"
--#~ msgstr "UID ごとに保存可能なシークレットの最大数"
-+#: src/providers/krb5/krb5_child.c:3251
-+msgid "Requested lifetime of the ticket"
-+msgstr "チケットの要求された有効期間"
-
--#~ msgid "The maximum payload size of a secret in kilobytes"
--#~ msgstr "キロバイトでのシークレットの最大ペイロードサイズ"
-+#: src/providers/krb5/krb5_child.c:3253
-+msgid "Requested renewable lifetime of the ticket"
-+msgstr "チケットの要求された更新可能な有効期間"
-
--#~ msgid "The URL Custodia server is listening on"
--#~ msgstr "URL Custodia サーバーはリッスンしています"
-+#: src/providers/krb5/krb5_child.c:3255
-+msgid "FAST options ('never', 'try', 'demand')"
-+msgstr "FAST のオプション ('never'、'try'、'demand')"
-
--#~ msgid "The method to use when authenticating to a Custodia server"
--#~ msgstr "Custodia サーバーへの認証時に使用する方法"
-+#: src/providers/krb5/krb5_child.c:3258
-+msgid "Specifies the server principal to use for FAST"
-+msgstr "FAST で使用するサーバープリンシパルを指定します"
-
--#~ msgid ""
--#~ "The name of the headers that will be added into a HTTP request with the "
--#~ "value defined in auth_header_value"
--#~ msgstr ""
--#~ "auth_header_value で値が定義され、HTTP リクエストに追加されるヘッダーの名"
--#~ "前"
-+#: src/providers/krb5/krb5_child.c:3260
-+msgid "Requests canonicalization of the principal name"
-+msgstr "プリンシパル名の正規化を要求します"
-
--#~ msgid "The value sssd-secrets would use for auth_header_name"
--#~ msgstr "sssd-secrets の値は、auth_header_name で使用します"
-+#: src/providers/krb5/krb5_child.c:3262
-+msgid "Use custom version of krb5_get_init_creds_password"
-+msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します"
-
--#~ msgid ""
--#~ "The list of the headers to forward to the Custodia server together with "
--#~ "the request"
--#~ msgstr "要求と共に Custodia サーバーへ転送するヘッダーの一覧"
-+#: src/providers/data_provider_be.c:674
-+msgid "Domain of the information provider (mandatory)"
-+msgstr "情報プロバイダーのドメイン (必須)"
-
--#~ msgid ""
--#~ "The username to use when authenticating to a Custodia server using "
--#~ "basic_auth"
--#~ msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するユーザー名"
-+#: src/sss_client/common.c:1079
-+msgid "Privileged socket has wrong ownership or permissions."
-+msgstr "特権ソケットの所有者またはパーミッションが誤っています。"
-
--#~ msgid ""
--#~ "The password to use when authenticating to a Custodia server using "
--#~ "basic_auth"
--#~ msgstr "basic_auth を使った Custodia サーバーへの認証時に使用するパスワード"
-+#: src/sss_client/common.c:1082
-+msgid "Public socket has wrong ownership or permissions."
-+msgstr "公開ソケットの所有者またはパーミッションが誤っています。"
-
--#~ msgid ""
--#~ "If true peer's certificate is verified if proxy_url uses https protocol"
--#~ msgstr ""
--#~ "proxy_url が https protocol を使用する場合に、正しいピアの証明書が検証され"
--#~ "るかどうか"
-+#: src/sss_client/common.c:1085
-+msgid "Unexpected format of the server credential message."
-+msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。"
-
--#~ msgid ""
--#~ "If false peer's certificate may contain different hostname than proxy_url "
--#~ "when https protocol is used"
--#~ msgstr ""
--#~ "https プロトコルが使用される場合に、間違ったピアの証明書が proxy_url 以外"
--#~ "の異なるホスト名を含むかどうか"
-+#: src/sss_client/common.c:1088
-+msgid "SSSD is not run by root."
-+msgstr "SSSD は root により実行されません。"
-
--#~ msgid ""
--#~ "Path to directory where certificate authority certificates are stored"
--#~ msgstr "CA 証明書が保存されているディレクトリーへのパス"
-+#: src/sss_client/common.c:1091
-+msgid "SSSD socket does not exist."
-+msgstr "SSSD ソケットは存在しません。"
-
--#~ msgid "Path to file containing server's CA certificate"
--#~ msgstr "サーバーの CA 証明書を含むファイルへのパス"
-+#: src/sss_client/common.c:1094
-+msgid "Cannot get stat of SSSD socket."
-+msgstr "SSSD ソケットの統計を取得できません。"
-
--#~ msgid "Path to file containing client's certificate"
--#~ msgstr "クライアントの証明書を含むファイルへのパス"
-+#: src/sss_client/common.c:1099
-+msgid "An error occurred, but no description can be found."
-+msgstr "エラーが発生しましたが、説明がありませんでした。"
-
--#~ msgid "Path to file containing client's private key"
--#~ msgstr "クライアントの秘密鍵を含むファイルへのパス"
-+#: src/sss_client/common.c:1105
-+msgid "Unexpected error while looking for an error description"
-+msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
-
--#~ msgid "Identity provider"
--#~ msgstr "アイデンティティープロバイダー"
-+#: src/sss_client/pam_sss.c:68
-+msgid "Permission denied. "
-+msgstr "パーミッションが拒否されました。"
-
--#~ msgid "Authentication provider"
--#~ msgstr "認証プロバイダー"
-+#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
-+#: src/sss_client/pam_sss.c:792
-+msgid "Server message: "
-+msgstr "サーバーのメッセージ: "
-
--#~ msgid "Access control provider"
--#~ msgstr "アクセス制御プロバイダー"
-+#: src/sss_client/pam_sss.c:299
-+msgid "Passwords do not match"
-+msgstr "パスワードが一致しません"
-
--#~ msgid "Password change provider"
--#~ msgstr "パスワード変更プロバイダー"
-+#: src/sss_client/pam_sss.c:487
-+msgid "Password reset by root is not supported."
-+msgstr "root によるパスワードのリセットはサポートされません。"
-
--#~ msgid "SUDO provider"
--#~ msgstr "SUDO プロバイダー"
-+#: src/sss_client/pam_sss.c:528
-+msgid "Authenticated with cached credentials"
-+msgstr "キャッシュされているクレデンシャルを用いて認証されました"
-
--#~ msgid "Autofs provider"
--#~ msgstr "Autofs プロバイダー"
-+#: src/sss_client/pam_sss.c:529
-+msgid ", your cached password will expire at: "
-+msgstr "、キャッシュされたパスワードが失効します: "
-
--#~ msgid "Host identity provider"
--#~ msgstr "ホスト識別プロバイダー"
-+#: src/sss_client/pam_sss.c:559
-+#, c-format
-+msgid "Your password has expired. You have %1$d grace login(s) remaining."
-+msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。"
-
--#~ msgid "SELinux provider"
--#~ msgstr "SELinux プロバイダー"
-+#: src/sss_client/pam_sss.c:605
-+#, c-format
-+msgid "Your password will expire in %1$d %2$s."
-+msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。"
-
--#~ msgid "Session management provider"
--#~ msgstr "セッションマネージャーのプロバイダー"
-+#: src/sss_client/pam_sss.c:654
-+msgid "Authentication is denied until: "
-+msgstr "次まで認証が拒否されます: "
-
--#~ msgid "Whether the domain is usable by the OS or by applications"
--#~ msgstr "OS またはアプリケーションがドメインを使用できるかどうか"
-+#: src/sss_client/pam_sss.c:675
-+msgid "System is offline, password change not possible"
-+msgstr "システムがオフラインです、パスワード変更ができません"
-
--#~ msgid "Minimum user ID"
--#~ msgstr "最小ユーザー ID"
-+#: src/sss_client/pam_sss.c:690
-+msgid ""
-+"After changing the OTP password, you need to log out and back in order to "
-+"acquire a ticket"
-+msgstr "OTP パスワードの変更後、チケットを取得するためにログアウト後に再びログインする必要があります"
-
--#~ msgid "Maximum user ID"
--#~ msgstr "最大ユーザー ID"
-+#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
-+msgid "Password change failed. "
-+msgstr "パスワードの変更に失敗しました。"
-
--#~ msgid "Enable enumerating all users/groups"
--#~ msgstr "すべてのユーザー・グループの列挙を有効にする"
-+#: src/sss_client/pam_sss.c:2015
-+msgid "New Password: "
-+msgstr "新しいパスワード: "
-
--#~ msgid "Cache credentials for offline login"
--#~ msgstr "オフラインログインのためにクレデンシャルをキャッシュする"
-+#: src/sss_client/pam_sss.c:2016
-+msgid "Reenter new Password: "
-+msgstr "新しいパスワードの再入力: "
-
--#~ msgid "Display users/groups in fully-qualified form"
--#~ msgstr "ユーザー・グループを完全修飾形式で表示する"
-+#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
-+msgid "First Factor: "
-+msgstr "1 番目の要素: "
-
--#~ msgid "Don't include group members in group lookups"
--#~ msgstr "グループ検索にグループメンバーを含めない"
-+#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
-+msgid "Second Factor (optional): "
-+msgstr "2 番目の要素 (オプション): "
-
--#~ msgid "Entry cache timeout length (seconds)"
--#~ msgstr "エントリーキャッシュのタイムアウト長(秒)"
-+#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
-+msgid "Second Factor: "
-+msgstr "2 番目の要素: "
-
--#~ msgid ""
--#~ "Restrict or prefer a specific address family when performing DNS lookups"
--#~ msgstr ""
--#~ "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します"
-+#: src/sss_client/pam_sss.c:2200
-+msgid "Password: "
-+msgstr "パスワード: "
-
--#~ msgid "How long to keep cached entries after last successful login (days)"
--#~ msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
-+#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
-+msgid "First Factor (Current Password): "
-+msgstr "1 番目の要素 (現在のパスワード): "
-
--#~ msgid ""
--#~ "How long should SSSD talk to single DNS server before trying next server "
--#~ "(miliseconds)"
--#~ msgstr ""
--#~ "次のサーバーを試行するまでに SSSD が単一の DNS サーバーと通信する時間 (ミ"
--#~ "リ秒)"
-+#: src/sss_client/pam_sss.c:2359
-+msgid "Current Password: "
-+msgstr "現在のパスワード: "
-
--#~ msgid "How long should keep trying to resolve single DNS query (seconds)"
--#~ msgstr "単一の DNS クエリーの解決を試行する時間 (秒)"
-+#: src/sss_client/pam_sss.c:2714
-+msgid "Password expired. Change your password now."
-+msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
-
--#~ msgid ""
--#~ "How long to wait for replies from DNS when resolving servers (seconds)"
--#~ msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)"
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
-+#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:44
-+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:668
-+#: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
-+#: src/tools/sss_cache.c:719
-+msgid "The debug level to run with"
-+msgstr "実行するデバッグレベル"
-
--#~ msgid "The domain part of service discovery DNS query"
--#~ msgstr "サービス検索 DNS クエリーのドメイン部分"
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
-+msgid "The SSSD domain to use"
-+msgstr "使用する SSSD ドメイン"
-
--#~ msgid "Override GID value from the identity provider with this value"
--#~ msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
-+#: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
-+#: src/tools/sss_groupmod.c:66 src/tools/sss_groupshow.c:680
-+#: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
-+#: src/tools/sss_cache.c:765
-+msgid "Error setting the locale\n"
-+msgstr "ロケールの設定中にエラーが発生しました\n"
-
--#~ msgid "Treat usernames as case sensitive"
--#~ msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
-+msgid "Not enough memory\n"
-+msgstr "十分なメモリーがありません\n"
-
--#~ msgid "How often should expired entries be refreshed in background"
--#~ msgstr "期限切れのエントリーがバックグラウンドで更新される頻度"
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
-+msgid "User not specified\n"
-+msgstr "ユーザーが指定されていません\n"
-
--#~ msgid "Whether to automatically update the client's DNS entry"
--#~ msgstr "自動的にクライアントの DNS エントリーを更新するかどうか"
-+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
-+msgid "Error looking up public keys\n"
-+msgstr "公開鍵の検索中にエラーが発生しました\n"
-
--#~ msgid "The TTL to apply to the client's DNS entry after updating it"
--#~ msgstr "クライアントの DNS 項目を更新後、適用する TTL"
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
-+msgid "The port to use to connect to the host"
-+msgstr "ホストへの接続に使用するポート"
-
--#~ msgid "The interface whose IP should be used for dynamic DNS updates"
--#~ msgstr "動的 DNS 更新のために使用される IP のインターフェース"
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
-+msgid "Print the host ssh public keys"
-+msgstr "ホスト SSH 公開鍵を印刷"
-
--#~ msgid "How often to periodically update the client's DNS entry"
--#~ msgstr "どのくらい定期的にクライアントの DNS エントリーを更新するか"
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
-+msgid "Invalid port\n"
-+msgstr "無効なポート\n"
-
--#~ msgid "Whether the provider should explicitly update the PTR record as well"
--#~ msgstr ""
--#~ "プロバイダーが同じように PTR レコードを明示的に更新する必要があるかどうか"
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
-+msgid "Host not specified\n"
-+msgstr "ホストが指定されていません\n"
-
--#~ msgid "Whether the nsupdate utility should default to using TCP"
--#~ msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか"
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
-+msgid "The path to the proxy command must be absolute\n"
-+msgstr "プロキシコマンドへのパスは絶対パスにする必要があります\n"
-
--#~ msgid "What kind of authentication should be used to perform the DNS update"
--#~ msgstr "DNS 更新を実行するために使用すべき認証の種類"
-+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
-+#, c-format
-+msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
-+msgstr "sss_ssh_knownhostsproxy: ホスト名 %s を解決できませんでした\n"
-
--#~ msgid "Override the DNS server used to perform the DNS update"
--#~ msgstr "DNS の更新を実行する際に使用する DNS サーバーを上書き"
-+#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
-+msgid "The UID of the user"
-+msgstr "ユーザーの UID"
-
--#~ msgid "Control enumeration of trusted domains"
--#~ msgstr "信頼されたドメインの列挙を制御"
-+#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
-+msgid "The comment string"
-+msgstr "コメント文字列"
-
--#~ msgid "How often should subdomains list be refreshed"
--#~ msgstr "サブドメインの一覧のリフレッシュ回数"
-+#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
-+msgid "Home directory"
-+msgstr "ホームディレクトリー"
-
--#~ msgid "List of options that should be inherited into a subdomain"
--#~ msgstr "サブドメインに継承すべきオプションの一覧"
-+#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
-+msgid "Login shell"
-+msgstr "ログインシェル"
-
--#~ msgid "Default subdomain homedir value"
--#~ msgstr "デフォルトのサブドメインホームディレクトリーの値"
-+#: src/tools/sss_useradd.c:53
-+msgid "Groups"
-+msgstr "グループ"
-
--#~ msgid "How long can cached credentials be used for cached authentication"
--#~ msgstr "証明書キャッシュを認証キャッシュに使用できる期間"
-+#: src/tools/sss_useradd.c:54
-+msgid "Create user's directory if it does not exist"
-+msgstr "ユーザーのディレクトリーが存在しなければ作成する"
-
--#~ msgid "Whether to automatically create private groups for users"
--#~ msgstr "ユーザーにプライベートグループを自動的に作成するかどうか"
-+#: src/tools/sss_useradd.c:55
-+msgid "Never create user's directory, overrides config"
-+msgstr "ユーザーのディレクトリーを作成しない、設定を上書きする"
-
--#~ msgid "IPA domain"
--#~ msgstr "IPA ドメイン"
-+#: src/tools/sss_useradd.c:56
-+msgid "Specify an alternative skeleton directory"
-+msgstr "代替のスケルトンディレクトリーを指定する"
-
--#~ msgid "IPA server address"
--#~ msgstr "IPA サーバーのアドレス"
-+#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
-+msgid "The SELinux user for user's login"
-+msgstr "ユーザーのログインに対する SELinux ユーザー"
-
--#~ msgid "Address of backup IPA server"
--#~ msgstr "バックアップ IPA サーバーのアドレス"
-+#: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
-+#: src/tools/sss_usermod.c:92
-+msgid "Specify group to add to\n"
-+msgstr "追加するグループを指定してください\n"
-
--#~ msgid "IPA client hostname"
--#~ msgstr "IPA クライアントのホスト名"
-+#: src/tools/sss_useradd.c:111
-+msgid "Specify user to add\n"
-+msgstr "追加するユーザーを指定してください\n"
-
--#~ msgid "Whether to automatically update the client's DNS entry in FreeIPA"
--#~ msgstr ""
--#~ "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
-+#: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
-+#: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
-+#: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
-+#: src/tools/sss_usermod.c:162
-+msgid "Error initializing the tools - no local domain\n"
-+msgstr "ツールを初期化中にエラーが発生しました - ローカルドメインがありません\n"
-
--#~ msgid "Search base for HBAC related objects"
--#~ msgstr "HBAC 関連オブジェクトの検索ベース"
-+#: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
-+#: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
-+#: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
-+#: src/tools/sss_usermod.c:164
-+msgid "Error initializing the tools\n"
-+msgstr "ツールを初期化中にエラーが発生しました\n"
-
--#~ msgid ""
--#~ "The amount of time between lookups of the HBAC rules against the IPA "
--#~ "server"
--#~ msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
-+#: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
-+#: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
-+#: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
-+#: src/tools/sss_usermod.c:173
-+msgid "Invalid domain specified in FQDN\n"
-+msgstr "FQDN で指定されたドメインが無効です\n"
-
--#~ msgid ""
--#~ "The amount of time in seconds between lookups of the SELinux maps against "
--#~ "the IPA server"
--#~ msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単位の合計時間"
-+#: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
-+#: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
-+#: src/tools/sss_usermod.c:226
-+msgid "Internal error while parsing parameters\n"
-+msgstr "パラメーターを解析中に内部エラーが発生しました\n"
-
--#~ msgid "If set to false, host argument given by PAM will be ignored"
--#~ msgstr ""
--#~ "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます"
-+#: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
-+#: src/tools/sss_usermod.c:235
-+msgid "Groups must be in the same domain as user\n"
-+msgstr "グループがユーザーと同じドメインになければいけません\n"
-
--#~ msgid "The automounter location this IPA client is using"
--#~ msgstr "この IPA クライアントが使用している automounter の場所"
-+#: src/tools/sss_useradd.c:159
-+#, c-format
-+msgid "Cannot find group %1$s in local domain\n"
-+msgstr "ローカルドメインにグループ %1$s を見つけられません\n"
-
--#~ msgid "Search base for object containing info about IPA domain"
--#~ msgstr "IPA ドメインに関する情報を含むオブジェクトに対する検索ベース"
-+#: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
-+msgid "Cannot set default values\n"
-+msgstr "デフォルト値を設定できません\n"
-
--#~ msgid "Search base for objects containing info about ID ranges"
--#~ msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索ベース"
-+#: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
-+msgid "The selected UID is outside the allowed range\n"
-+msgstr "選択された UID は許容される範囲を越えています\n"
-
--#~ msgid "Enable DNS sites - location based service discovery"
--#~ msgstr "DNS サイトの有効化 - 位置ベースのサービス検索"
-+#: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
-+msgid "Cannot set SELinux login context\n"
-+msgstr "SELinux ログインコンテキストを設定できません\n"
-
--#~ msgid "Search base for view containers"
--#~ msgstr "ビューコンテナーの検索ベース"
-+#: src/tools/sss_useradd.c:224
-+msgid "Cannot get info about the user\n"
-+msgstr "ユーザーに関する情報を取得できません\n"
-
--#~ msgid "Objectclass for view containers"
--#~ msgstr "ビューコンテナーのオブジェクトクラス"
-+#: src/tools/sss_useradd.c:236
-+msgid "User's home directory already exists, not copying data from skeldir\n"
-+msgstr "ユーザーのホームディレクトリーがすでに存在します、スケルトンディレクトリーからデータをコピーしません\n"
-
--#~ msgid "Attribute with the name of the view"
--#~ msgstr "ビューの名前の属性"
-+#: src/tools/sss_useradd.c:239
-+#, c-format
-+msgid "Cannot create user's home directory: %1$s\n"
-+msgstr "ユーザーのホームディレクトリーを作成できません: %1$s\n"
-
--#~ msgid "Objectclass for override objects"
--#~ msgstr "上書きされたオブジェクトのオブジェクトクラス"
-+#: src/tools/sss_useradd.c:250
-+#, c-format
-+msgid "Cannot create user's mail spool: %1$s\n"
-+msgstr "ユーザーのメールスプールを作成できません: %1$s\n"
-
--#~ msgid "Attribute with the reference to the original object"
--#~ msgstr "オリジナルオブジェクトを参照する属性"
-+#: src/tools/sss_useradd.c:270
-+msgid "Could not allocate ID for the user - domain full?\n"
-+msgstr "ユーザーに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
-
--#~ msgid "Objectclass for user override objects"
--#~ msgstr "ユーザーが上書きするオブジェクトのオブジェクトクラス"
-+#: src/tools/sss_useradd.c:274
-+msgid "A user or group with the same name or ID already exists\n"
-+msgstr "同じ名前または ID を持つユーザーまたはグループがすでに存在します\n"
-
--#~ msgid "Objectclass for group override objects"
--#~ msgstr "グループが上書きするオブジェクトのオブジェクトクラス"
-+#: src/tools/sss_useradd.c:280
-+msgid "Transaction error. Could not add user.\n"
-+msgstr "トランザクションエラー。ユーザーを追加できませんでした。\n"
-
--#~ msgid "Search base for Desktop Profile related objects"
--#~ msgstr "デスクトッププロファイルに関連するオブジェクトの検索ベース"
-+#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
-+msgid "The GID of the group"
-+msgstr "グループの GID"
-
--#~ msgid ""
--#~ "The amount of time in seconds between lookups of the Desktop Profile "
--#~ "rules against the IPA server"
--#~ msgstr ""
--#~ "IPA サーバーに対するデスクトッププロファイルルールを検索している間の秒単位"
--#~ "の合計時間"
-+#: src/tools/sss_groupadd.c:76
-+msgid "Specify group to add\n"
-+msgstr "追加するグループを指定してください\n"
-
--#~ msgid ""
--#~ "The amount of time in minutes between lookups of Desktop Profiles rules "
--#~ "against the IPA server when the last request did not find any rule"
--#~ msgstr ""
--#~ "最後の要求がルールを何も見つけなかった場合の IPA サーバーに対するデスク"
--#~ "トッププロファイルル ールを検索している間の分単位の合計時間"
-+#: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
-+msgid "The selected GID is outside the allowed range\n"
-+msgstr "選択された GID は許容される範囲を越えています\n"
-
--#~ msgid "Active Directory domain"
--#~ msgstr "Active Directory ドメイン"
-+#: src/tools/sss_groupadd.c:143
-+msgid "Could not allocate ID for the group - domain full?\n"
-+msgstr "グループに ID を割り当てられませんでした - ドメインがいっぱいですか?\n"
-
--#~ msgid "Enabled Active Directory domains"
--#~ msgstr "有効化された Active Directory ドメイン"
-+#: src/tools/sss_groupadd.c:147
-+msgid "A group with the same name or GID already exists\n"
-+msgstr "同じ名前または GID を持つグループがすでに存在します\n"
-
--#~ msgid "Active Directory server address"
--#~ msgstr "Active Directory サーバーアドレス"
-+#: src/tools/sss_groupadd.c:153
-+msgid "Transaction error. Could not add group.\n"
-+msgstr "トランザクションエラー。グループを追加できませんでした。\n"
-
--#~ msgid "Active Directory backup server address"
--#~ msgstr "Active Directory バックアップサーバーのアドレス"
-+#: src/tools/sss_groupdel.c:70
-+msgid "Specify group to delete\n"
-+msgstr "削除するグループを指定してください\n"
-
--#~ msgid "Active Directory client hostname"
--#~ msgstr "Active Directory クライアントホスト名"
-+#: src/tools/sss_groupdel.c:104
-+#, c-format
-+msgid "Group %1$s is outside the defined ID range for domain\n"
-+msgstr "グループ %1$s はドメインに対して定義された ID の範囲を越えています\n"
-
--#~ msgid "LDAP filter to determine access privileges"
--#~ msgstr "アクセス権限を決めるための LDAP フィルター"
-+#: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
-+#: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
-+#: src/tools/sss_userdel.c:297 src/tools/sss_usermod.c:282
-+#: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
-+#, c-format
-+msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
-+msgstr "NSS リクエストに失敗しました (%1$d)。項目はメモリーキャッシュに残されます。\n"
-
--#~ msgid "Whether to use the Global Catalog for lookups"
--#~ msgstr "検索にグローバルカタログを使用するかどうか"
-+#: src/tools/sss_groupdel.c:132
-+msgid ""
-+"No such group in local domain. Removing groups only allowed in local domain."
-+"\n"
-+msgstr "そのようなグループはローカルドメインにありません。グループの削除はローカルドメインにおいてのみ許可されます。\n"
-
--#~ msgid "Operation mode for GPO-based access control"
--#~ msgstr "グローバルカタログベースのアクセス制御に対するオペレーションモード"
-+#: src/tools/sss_groupdel.c:137
-+msgid "Internal error. Could not remove group.\n"
-+msgstr "内部エラー。グループを削除できませんでした。\n"
-
--#~ msgid ""
--#~ "The amount of time between lookups of the GPO policy files against the AD "
--#~ "server"
--#~ msgstr "AD サーバーに対する GPO ポリシーファイルを検索している間の合計時間"
-+#: src/tools/sss_groupmod.c:44
-+msgid "Groups to add this group to"
-+msgstr "このグループに追加するグループ"
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "GPO (Deny)InteractiveLogonRight のポリシー設定にマッピングした PAM サービ"
--#~ "ス名"
-+#: src/tools/sss_groupmod.c:46
-+msgid "Groups to remove this group from"
-+msgstr "このグループから削除するグループ"
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
--#~ "policy settings"
--#~ msgstr ""
--#~ "GPO (Deny)RemoteInteractiveLogonRight のポリシー設定にマッピングした PAM "
--#~ "サービス名"
-+#: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
-+msgid "Specify group to remove from\n"
-+msgstr "削除するグループを指定してください\n"
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "GPO (Deny)NetworkLogonRight のポリシー設定にマッピングした PAM サービス名"
-+#: src/tools/sss_groupmod.c:101
-+msgid "Specify group to modify\n"
-+msgstr "変更するグループを指定してください\n"
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)BatchLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "GPO (Deny)BatchLogonRight のポリシー設定にマッピングした PAM サービス名"
-+#: src/tools/sss_groupmod.c:130
-+msgid ""
-+"Cannot find group in local domain, modifying groups is allowed only in local "
-+"domain\n"
-+msgstr "ローカルドメインにグループが見つかりませんでした。グループの変更はローカルドメインにおいてのみ許可されます\n"
-
--#~ msgid ""
--#~ "PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
--#~ "settings"
--#~ msgstr ""
--#~ "(Deny)ServiceLogonRight のポリシー設定にマッピングした PAM サービス名"
-+#: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
-+msgid "Member groups must be in the same domain as parent group\n"
-+msgstr "メンバーグループが親グループと同じドメインにある必要があります\n"
-
--#~ msgid "PAM service names for which GPO-based access is always granted"
--#~ msgstr "GPO ベースのアクセスが常に許可される PAM サービス名"
-+#: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
-+#: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
-+#, c-format
-+msgid ""
-+"Cannot find group %1$s in local domain, only groups in local domain are "
-+"allowed\n"
-+msgstr "ローカルドメインにグループ %1$s が見つかりません。ローカルドメインにあるグループのみが許可されます\n"
-
--#~ msgid "PAM service names for which GPO-based access is always denied"
--#~ msgstr "GPO ベースのアクセスが常に拒否される PAM サービス名"
-+#: src/tools/sss_groupmod.c:257
-+msgid "Could not modify group - check if member group names are correct\n"
-+msgstr "グループを変更できませんでした - メンバーグループ名が正しいかを確認してください\n"
-
--#~ msgid ""
--#~ "Default logon right (or permit/deny) to use for unmapped PAM service names"
--#~ msgstr ""
--#~ "マッピングされていない PAM サービス名に使用するデフォルトのログオン権利 "
--#~ "(または許可/拒否)"
-+#: src/tools/sss_groupmod.c:261
-+msgid "Could not modify group - check if groupname is correct\n"
-+msgstr "グループを変更できませんでした - グループ名が正しいかを確認してください\n"
-
--#~ msgid "a particular site to be used by the client"
--#~ msgstr "クライアントが使用する特定のサイト"
-+#: src/tools/sss_groupmod.c:265
-+msgid "Transaction error. Could not modify group.\n"
-+msgstr "トランザクションエラー。グループを変更できませんでした。\n"
-
--#~ msgid ""
--#~ "Maximum age in days before the machine account password should be renewed"
--#~ msgstr "マシンアカウントのパスワードの更新が必要となるまでの最大日数"
-+#: src/tools/sss_groupshow.c:616
-+msgid "Magic Private "
-+msgstr "マジックプライベート "
-
--#~ msgid "Option for tuning the machine account renewal task"
--#~ msgstr "マシンアカウントの更新タスクをチューニングするオプション"
-+#: src/tools/sss_groupshow.c:615
-+#, c-format
-+msgid "%1$s%2$sGroup: %3$s\n"
-+msgstr "%1$s%2$sGroup: %3$s\n"
-
--#~ msgid "Kerberos server address"
--#~ msgstr "Kerberos サーバーのアドレス"
-+#: src/tools/sss_groupshow.c:618
-+#, c-format
-+msgid "%1$sGID number: %2$d\n"
-+msgstr "%1$sGID 番号: %2$d\n"
-
--#~ msgid "Kerberos backup server address"
--#~ msgstr "Kerberos バックアップサーバーのアドレス"
-+#: src/tools/sss_groupshow.c:620
-+#, c-format
-+msgid "%1$sMember users: "
-+msgstr "%1$sMember ユーザー: "
-
--#~ msgid "Kerberos realm"
--#~ msgstr "Kerberos レルム"
-+#: src/tools/sss_groupshow.c:627
-+#, c-format
-+msgid "\n"
-+"%1$sIs a member of: "
-+msgstr "\n"
-+"%1$sIs は次のメンバー: "
-
--#~ msgid "Authentication timeout"
--#~ msgstr "認証のタイムアウト"
-+#: src/tools/sss_groupshow.c:634
-+#, c-format
-+msgid "\n"
-+"%1$sMember groups: "
-+msgstr "\n"
-+"%1$sMember グループ: "
-
--#~ msgid "Whether to create kdcinfo files"
--#~ msgstr "kdcinfo ファイルを作成するかどうか"
-+#: src/tools/sss_groupshow.c:670
-+msgid "Print indirect group members recursively"
-+msgstr "間接グループメンバーを再帰的に表示する"
-
--#~ msgid "Where to drop krb5 config snippets"
--#~ msgstr "krb5 設定スニペットを削除する場所"
-+#: src/tools/sss_groupshow.c:704
-+msgid "Specify group to show\n"
-+msgstr "表示するグループを指定してください\n"
-
--#~ msgid "Directory to store credential caches"
--#~ msgstr "クレデンシャルのキャッシュを保存するディレクトリー"
-+#: src/tools/sss_groupshow.c:744
-+msgid ""
-+"No such group in local domain. Printing groups only allowed in local domain."
-+"\n"
-+msgstr "そのようなグループはローカルドメインにありません。グループの表示はローカルドメインにおいてのみ許可されます。\n"
-
--#~ msgid "Location of the user's credential cache"
--#~ msgstr "ユーザーのクレデンシャルキャッシュの位置"
-+#: src/tools/sss_groupshow.c:749
-+msgid "Internal error. Could not print group.\n"
-+msgstr "内部エラー。グループを表示できませんでした。\n"
-
--#~ msgid "Location of the keytab to validate credentials"
--#~ msgstr "クレデンシャルを検証するキーテーブルの場所"
-+#: src/tools/sss_userdel.c:138
-+msgid "Remove home directory and mail spool"
-+msgstr "ホームディレクトリーとメールスプールを削除する"
-
--#~ msgid "Enable credential validation"
--#~ msgstr "クレデンシャルの検証を有効にする"
-+#: src/tools/sss_userdel.c:140
-+msgid "Do not remove home directory and mail spool"
-+msgstr "ホームディレクトリーとメールスプールを削除しない"
-
--#~ msgid "Store password if offline for later online authentication"
--#~ msgstr ""
--#~ "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
-+#: src/tools/sss_userdel.c:142
-+msgid "Force removal of files not owned by the user"
-+msgstr "ユーザーにより所有されていないファイルの強制削除"
-
--#~ msgid "Renewable lifetime of the TGT"
--#~ msgstr "更新可能な TGT の有効期間"
-+#: src/tools/sss_userdel.c:144
-+msgid "Kill users' processes before removing him"
-+msgstr "ユーザーを削除する前にそのユーザーのプロセスを強制停止する"
-
--#~ msgid "Lifetime of the TGT"
--#~ msgstr "TGT の有効期間"
-+#: src/tools/sss_userdel.c:190
-+msgid "Specify user to delete\n"
-+msgstr "削除するユーザーを指定する\n"
-
--#~ msgid "Time between two checks for renewal"
--#~ msgstr "更新を確認する間隔"
-+#: src/tools/sss_userdel.c:236
-+#, c-format
-+msgid "User %1$s is outside the defined ID range for domain\n"
-+msgstr "ユーザー %1$s はドメインに対して定義された ID の範囲を超えています\n"
-
--#~ msgid "Enables FAST"
--#~ msgstr "FAST を有効にする"
-+#: src/tools/sss_userdel.c:261
-+msgid "Cannot reset SELinux login context\n"
-+msgstr "SELinux ログインコンテキストをリセットできません\n"
-
--#~ msgid "Selects the principal to use for FAST"
--#~ msgstr "FAST に使用するプリンシパルを選択する"
-+#: src/tools/sss_userdel.c:273
-+#, c-format
-+msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
-+msgstr "警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n"
-
--#~ msgid "Enables principal canonicalization"
--#~ msgstr "プリンシパル正規化を有効にする"
-+#: src/tools/sss_userdel.c:278
-+msgid "Cannot determine if the user was logged in on this platform"
-+msgstr "ユーザーがこのプラットフォームにログインしていたかを確認できませんでした"
-
--#~ msgid "Enables enterprise principals"
--#~ msgstr "エンタープライズ・プリンシパルの有効化"
-+#: src/tools/sss_userdel.c:283
-+msgid "Error while checking if the user was logged in\n"
-+msgstr "ユーザーがログインしていたかを確認中にエラーが発生しました\n"
-
--#~ msgid "A mapping from user names to Kerberos principal names"
--#~ msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング"
-+#: src/tools/sss_userdel.c:290
-+#, c-format
-+msgid "The post-delete command failed: %1$s\n"
-+msgstr "削除後コマンドの実行に失敗しました: %1$s\n"
-
--#~ msgid ""
--#~ "Server where the change password service is running if not on the KDC"
--#~ msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
-+#: src/tools/sss_userdel.c:310
-+msgid "Not removing home dir - not owned by user\n"
-+msgstr "ホームディレクトリーを削除していません - ユーザーにより所有されていません\n"
-
--#~ msgid "ldap_uri, The URI of the LDAP server"
--#~ msgstr "ldap_uri, LDAP サーバーの URI"
-+#: src/tools/sss_userdel.c:312
-+#, c-format
-+msgid "Cannot remove homedir: %1$s\n"
-+msgstr "ホームディレクトリーを削除できません: %1$s\n"
-
--#~ msgid "ldap_backup_uri, The URI of the LDAP server"
--#~ msgstr "ldap_backup_uri, LDAP サーバーの URI"
-+#: src/tools/sss_userdel.c:326
-+msgid ""
-+"No such user in local domain. Removing users only allowed in local domain.\n"
-+msgstr "そのようなユーザーはローカルドメインにいません。ユーザーの削除はローカルドメインにおいてのみ許可されます。\n"
-
--#~ msgid "The default base DN"
--#~ msgstr "デフォルトのベース DN"
-+#: src/tools/sss_userdel.c:331
-+msgid "Internal error. Could not remove user.\n"
-+msgstr "内部エラー。ユーザーを削除できませんでした。\n"
-
--#~ msgid "The Schema Type in use on the LDAP server, rfc2307"
--#~ msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307"
-+#: src/tools/sss_usermod.c:49
-+msgid "The GID of the user"
-+msgstr "ユーザーの GID"
-
--#~ msgid "Mode used to change user password"
--#~ msgstr "ユーザーのパスワードの変更にモードを使用しました"
-+#: src/tools/sss_usermod.c:53
-+msgid "Groups to add this user to"
-+msgstr "このユーザーを追加するグループ"
-
--#~ msgid "The default bind DN"
--#~ msgstr "デフォルトのバインド DN"
-+#: src/tools/sss_usermod.c:54
-+msgid "Groups to remove this user from"
-+msgstr "このユーザーを削除するグループ"
-
--#~ msgid "The type of the authentication token of the default bind DN"
--#~ msgstr "デフォルトのバインド DN の認証トークンの種類"
-+#: src/tools/sss_usermod.c:55
-+msgid "Lock the account"
-+msgstr "アカウントをロックする"
-
--#~ msgid "The authentication token of the default bind DN"
--#~ msgstr "デフォルトのバインド DN の認証トークン"
-+#: src/tools/sss_usermod.c:56
-+msgid "Unlock the account"
-+msgstr "アカウントをロック解除する"
-
--#~ msgid "Length of time to attempt connection"
--#~ msgstr "接続を試行する時間"
-+#: src/tools/sss_usermod.c:57
-+msgid "Add an attribute/value pair. The format is attrname=value."
-+msgstr "属性/値のペアを追加します。フォーマットは attrname=value です。"
-
--#~ msgid "Length of time to attempt synchronous LDAP operations"
--#~ msgstr "LDAP 同期操作を試行する時間"
-+#: src/tools/sss_usermod.c:58
-+msgid "Delete an attribute/value pair. The format is attrname=value."
-+msgstr "属性/値のペアを削除します。フォーマットは attrname=value です。"
-
--#~ msgid "Length of time between attempts to reconnect while offline"
--#~ msgstr "オフラインの間に再接続を試行する時間"
-+#: src/tools/sss_usermod.c:59
-+msgid ""
-+"Set an attribute to a name/value pair. The format is attrname=value. For "
-+"multi-valued attributes, the command replaces the values already present"
-+msgstr ""
-+"名前/値のペアに属性を指定します。形式は attrname=value です。複数の値を持つ属性の場合、コマンドがすでに存在する値に置き換えられます。"
-
--#~ msgid "Use only the upper case for realm names"
--#~ msgstr "レルム名に対して大文字のみを使用する"
-+#: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
-+#: src/tools/sss_usermod.c:135
-+msgid "Specify the attribute name/value pair(s)\n"
-+msgstr "属性の名前/値のペアを指定します\n"
-
--#~ msgid "File that contains CA certificates"
--#~ msgstr "CA 証明書を含むファイル"
-+#: src/tools/sss_usermod.c:152
-+msgid "Specify user to modify\n"
-+msgstr "変更するユーザーを指定してください\n"
-
--#~ msgid "Path to CA certificate directory"
--#~ msgstr "CA 証明書のディレクトリーのパス"
-+#: src/tools/sss_usermod.c:180
-+msgid ""
-+"Cannot find user in local domain, modifying users is allowed only in local "
-+"domain\n"
-+msgstr "ローカルドメインにユーザーを見つけられません。ユーザーの変更はローカルドメインにおいてのみ許可されます。\n"
-
--#~ msgid "File that contains the client certificate"
--#~ msgstr "クライアント証明書を含むファイル"
-+#: src/tools/sss_usermod.c:322
-+msgid "Could not modify user - check if group names are correct\n"
-+msgstr "ユーザーを変更できませんでした - グループ名が正しいかを確認してください\n"
-
--#~ msgid "File that contains the client key"
--#~ msgstr "クライアントの鍵を含むファイル"
-+#: src/tools/sss_usermod.c:326
-+msgid "Could not modify user - user already member of groups?\n"
-+msgstr "ユーザーを変更できませんでした - ユーザーはすでにグループのメンバーですか?\n"
-
--#~ msgid "List of possible ciphers suites"
--#~ msgstr "利用可能な暗号の一覧"
-+#: src/tools/sss_usermod.c:330
-+msgid "Transaction error. Could not modify user.\n"
-+msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
-
--#~ msgid "Require TLS certificate verification"
--#~ msgstr "TLS 証明書の検証を要求する"
-+#: src/tools/sss_cache.c:245
-+msgid "No cache object matched the specified search\n"
-+msgstr "指定された検索に一致するキャッシュオブジェクトがありません\n"
-
--#~ msgid "Specify the sasl mechanism to use"
--#~ msgstr "使用する SASL メカニズムを指定する"
-+#: src/tools/sss_cache.c:536
-+#, c-format
-+msgid "Couldn't invalidate %1$s\n"
-+msgstr "%1$s を無効化できませんでした\n"
-
--#~ msgid "Specify the sasl authorization id to use"
--#~ msgstr "使用する SASL 認可 ID を指定する"
-+#: src/tools/sss_cache.c:543
-+#, c-format
-+msgid "Couldn't invalidate %1$s %2$s\n"
-+msgstr "%1$s %2$s を無効化できませんでした\n"
-
--#~ msgid "Specify the sasl authorization realm to use"
--#~ msgstr "使用する SASL 認可レルムを指定する"
-+#: src/tools/sss_cache.c:721
-+msgid "Invalidate all cached entries"
-+msgstr "すべてのキャッシュエントリーを無効化します"
-
--#~ msgid "Specify the minimal SSF for LDAP sasl authorization"
--#~ msgstr "LDAP SASL 認可の最小 SSF を指定する"
-+#: src/tools/sss_cache.c:723
-+msgid "Invalidate particular user"
-+msgstr "特定のユーザーを無効にする"
-
--#~ msgid "Kerberos service keytab"
--#~ msgstr "Kerberos サービスのキーテーブル"
-+#: src/tools/sss_cache.c:725
-+msgid "Invalidate all users"
-+msgstr "すべてのユーザーを無効にする"
-
--#~ msgid "Use Kerberos auth for LDAP connection"
--#~ msgstr "LDAP 接続に対して Kerberos 認証を使用する"
-+#: src/tools/sss_cache.c:727
-+msgid "Invalidate particular group"
-+msgstr "特定のグループを無効にする"
-
--#~ msgid "Follow LDAP referrals"
--#~ msgstr "LDAP リフェラルにしたがう"
-+#: src/tools/sss_cache.c:729
-+msgid "Invalidate all groups"
-+msgstr "すべてのグループを無効にする"
-
--#~ msgid "Lifetime of TGT for LDAP connection"
--#~ msgstr "LDAP 接続の TGT の有効期間"
-+#: src/tools/sss_cache.c:731
-+msgid "Invalidate particular netgroup"
-+msgstr "特定のネットワークグループを無効にする"
-
--#~ msgid "How to dereference aliases"
--#~ msgstr "エイリアスを参照解決する方法"
-+#: src/tools/sss_cache.c:733
-+msgid "Invalidate all netgroups"
-+msgstr "すべてのネットワークグループを無効にする"
-
--#~ msgid "Service name for DNS service lookups"
--#~ msgstr "DNS サービス検索のサービス名"
-+#: src/tools/sss_cache.c:735
-+msgid "Invalidate particular service"
-+msgstr "特定のサービスの無効化"
-
--#~ msgid "The number of records to retrieve in a single LDAP query"
--#~ msgstr "単一の LDAP クエリーにおいて取得するレコード数"
-+#: src/tools/sss_cache.c:737
-+msgid "Invalidate all services"
-+msgstr "すべてのサービスの無効化"
-
--#~ msgid "The number of members that must be missing to trigger a full deref"
--#~ msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
-+#: src/tools/sss_cache.c:740
-+msgid "Invalidate particular autofs map"
-+msgstr "特定の autofs マップの無効化"
-
--#~ msgid ""
--#~ "Whether the LDAP library should perform a reverse lookup to canonicalize "
--#~ "the host name during a SASL bind"
--#~ msgstr ""
--#~ "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実"
--#~ "行するかどうか"
-+#: src/tools/sss_cache.c:742
-+msgid "Invalidate all autofs maps"
-+msgstr "すべての autofs マップの無効化"
-
--#~ msgid "entryUSN attribute"
--#~ msgstr "entryUSN 属性"
-+#: src/tools/sss_cache.c:746
-+msgid "Invalidate particular SSH host"
-+msgstr "特定の SSH ホストを無効化します"
-
--#~ msgid "lastUSN attribute"
--#~ msgstr "lastUSN 属性"
-+#: src/tools/sss_cache.c:748
-+msgid "Invalidate all SSH hosts"
-+msgstr "すべての SSH ホストを無効化します"
-
--#~ msgid ""
--#~ "How long to retain a connection to the LDAP server before disconnecting"
--#~ msgstr "LDAP サーバーを切断する前に接続を保持する時間"
-+#: src/tools/sss_cache.c:752
-+msgid "Invalidate particular sudo rule"
-+msgstr "特定の sudo ルールを無効化します"
-
--#~ msgid "Disable the LDAP paging control"
--#~ msgstr "LDAP ページング制御を無効化する"
-+#: src/tools/sss_cache.c:754
-+msgid "Invalidate all cached sudo rules"
-+msgstr "すべてのキャッシュ sudo ルールを無効化します"
-
--#~ msgid "Disable Active Directory range retrieval"
--#~ msgstr "Active Directory 範囲の取得の無効化"
-+#: src/tools/sss_cache.c:757
-+msgid "Only invalidate entries from a particular domain"
-+msgstr "特定のドメインのみからエントリーを無効にする"
-
--#~ msgid "Length of time to wait for a search request"
--#~ msgstr "検索要求を待つ時間"
-+#: src/tools/sss_cache.c:811
-+msgid ""
-+"Unexpected argument(s) provided, options that invalidate a single object "
-+"only accept a single provided argument.\n"
-+msgstr "予期しない引数が提供される場合、1 つのオブジェクトを無効化するオプションは、提供された引数を 1 つだけ受け取ります。\n"
-
--#~ msgid "Length of time to wait for a enumeration request"
--#~ msgstr "列挙の要求を待つ時間"
-+#: src/tools/sss_cache.c:821
-+msgid "Please select at least one object to invalidate\n"
-+msgstr "無効化するオブジェクトを少なくとも一つ選択してください\n"
-
--#~ msgid "Length of time between enumeration updates"
--#~ msgstr "列挙の更新間隔"
-+#: src/tools/sss_cache.c:904
-+#, c-format
-+msgid ""
-+"Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
-+"use fully qualified name instead of --domain/-d parameter.\n"
-+msgstr ""
-+"ドメイン %1$s を開けませんでした。ドメインがサブドメイン (信頼済みドメイン) であれば、--domain/-d "
-+"パラメーターの代わりに完全修飾名を使用してください。\n"
-
--#~ msgid "Length of time between cache cleanups"
--#~ msgstr "キャッシュをクリーンアップする間隔"
-+#: src/tools/sss_cache.c:909
-+msgid "Could not open available domains\n"
-+msgstr "利用可能なドメインを開けませんでした\n"
-
--#~ msgid "Require TLS for ID lookups"
--#~ msgstr "ID 検索に TLS を要求する"
-+#: src/tools/tools_util.c:202
-+#, c-format
-+msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
-+msgstr "名前 '%1$s' が FQDN であるように見えません ('%2$s = TRUE' が設定されます)\n"
-
--#~ msgid "Use ID-mapping of objectSID instead of pre-set IDs"
--#~ msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
-+#: src/tools/tools_util.c:309
-+msgid "Out of memory\n"
-+msgstr "メモリー不足\n"
-
--#~ msgid "Base DN for user lookups"
--#~ msgstr "ユーザー検索のベース DN"
-+#: src/tools/tools_util.h:40
-+#, c-format
-+msgid "%1$s must be run as root\n"
-+msgstr "%1$s は root として実行する必要があります\n"
-
--#~ msgid "Scope of user lookups"
--#~ msgstr "ユーザー検索の範囲"
-+#: src/tools/sssctl/sssctl.c:35
-+msgid "yes"
-+msgstr "はい"
-
--#~ msgid "Filter for user lookups"
--#~ msgstr "ユーザー検索のフィルター"
-+#: src/tools/sssctl/sssctl.c:37
-+msgid "no"
-+msgstr "いいえ"
-
--#~ msgid "Objectclass for users"
--#~ msgstr "ユーザーのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl.c:39
-+msgid "error"
-+msgstr "エラー"
-
--#~ msgid "Username attribute"
--#~ msgstr "ユーザー名の属性"
-+#: src/tools/sssctl/sssctl.c:42
-+msgid "Invalid result."
-+msgstr "無効な結果。"
-
--#~ msgid "UID attribute"
--#~ msgstr "UID の属性"
-+#: src/tools/sssctl/sssctl.c:78
-+msgid "Unable to read user input\n"
-+msgstr "ユーザーインプットの読み込みができませんでした\n"
-
--#~ msgid "Primary GID attribute"
--#~ msgstr "プライマリー GID の属性"
-+#: src/tools/sssctl/sssctl.c:91
-+#, c-format
-+msgid "Invalid input, please provide either '%s' or '%s'.\n"
-+msgstr "無効なインプットです。'%s' または '%s' のいずれかを提供してください。\n"
-
--#~ msgid "GECOS attribute"
--#~ msgstr "GECOS の属性"
-+#: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
-+msgid "Error while executing external command\n"
-+msgstr "外部のコマンドを実行中にエラーが発生しました\n"
-
--#~ msgid "Home directory attribute"
--#~ msgstr "ホームディレクトリーの属性"
-+#: src/tools/sssctl/sssctl.c:156
-+msgid "SSSD needs to be running. Start SSSD now?"
-+msgstr "SSSD を実行する必要があります。SSSD をすぐに実行しますか?"
-
--#~ msgid "Shell attribute"
--#~ msgstr "シェルの属性"
-+#: src/tools/sssctl/sssctl.c:195
-+msgid "SSSD must not be running. Stop SSSD now?"
-+msgstr "SSSD を実行してはいけません。SSSD を今、停止しますか?"
-
--#~ msgid "UUID attribute"
--#~ msgstr "UUID 属性"
-+#: src/tools/sssctl/sssctl.c:231
-+msgid "SSSD needs to be restarted. Restart SSSD now?"
-+msgstr "SSSD は再起動が必要です。SSSD を今、再起動しますか?"
-
--#~ msgid "objectSID attribute"
--#~ msgstr "objectSID 属性"
-+#: src/tools/sssctl/sssctl_cache.c:31
-+#, c-format
-+msgid " %s is not present in cache.\n"
-+msgstr " %s はキャッシュにありません\n"
-
--#~ msgid "Active Directory primary group attribute for ID-mapping"
--#~ msgstr "ID マッピングの Active Directory プライマリーグループ属性"
-+#: src/tools/sssctl/sssctl_cache.c:33
-+msgid "Name"
-+msgstr "名前"
-
--#~ msgid "User principal attribute (for Kerberos)"
--#~ msgstr "ユーザープリンシパルの属性(Kerberos 用)"
-+#: src/tools/sssctl/sssctl_cache.c:34
-+msgid "Cache entry creation date"
-+msgstr "キャッシュエントリーの作成日"
-
--#~ msgid "Full Name"
--#~ msgstr "氏名"
-+#: src/tools/sssctl/sssctl_cache.c:35
-+msgid "Cache entry last update time"
-+msgstr "キャッシュエントリーが最後に更新された時間"
-
--#~ msgid "memberOf attribute"
--#~ msgstr "memberOf 属性"
-+#: src/tools/sssctl/sssctl_cache.c:36
-+msgid "Cache entry expiration time"
-+msgstr "キャッシュエントリーの期限切れ時間"
-
--#~ msgid "Modification time attribute"
--#~ msgstr "変更日時の属性"
-+#: src/tools/sssctl/sssctl_cache.c:37
-+msgid "Cached in InfoPipe"
-+msgstr "InfoPipe にキャッシュ"
-
--#~ msgid "shadowLastChange attribute"
--#~ msgstr "shadowLastChange 属性"
-+#: src/tools/sssctl/sssctl_cache.c:522
-+#, c-format
-+msgid "Error: Unable to get object [%d]: %s\n"
-+msgstr "エラー: オブジェクト [%d] を取得できません: %s\n"
-
--#~ msgid "shadowMin attribute"
--#~ msgstr "shadowMin 属性"
-+#: src/tools/sssctl/sssctl_cache.c:538
-+#, c-format
-+msgid "%s: Unable to read value [%d]: %s\n"
-+msgstr "%s: 値 [%d] の読み込みができません: %s\n"
-
--#~ msgid "shadowMax attribute"
--#~ msgstr "shadowMax 属性"
-+#: src/tools/sssctl/sssctl_cache.c:566
-+msgid "Specify name."
-+msgstr "名前を指定します。"
-
--#~ msgid "shadowWarning attribute"
--#~ msgstr "shadowWarning 属性"
-+#: src/tools/sssctl/sssctl_cache.c:576
-+#, c-format
-+msgid "Unable to parse name %s.\n"
-+msgstr "名前 %s を構文解析できません。\n"
-
--#~ msgid "shadowInactive attribute"
--#~ msgstr "shadowInactive 属性"
-+#: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
-+msgid "Search by SID"
-+msgstr "SID で検索"
-
--#~ msgid "shadowExpire attribute"
--#~ msgstr "shadowExpire 属性"
-+#: src/tools/sssctl/sssctl_cache.c:603
-+msgid "Search by user ID"
-+msgstr "ユーザーID で検索"
-
--#~ msgid "shadowFlag attribute"
--#~ msgstr "shadowFlag 属性"
-+#: src/tools/sssctl/sssctl_cache.c:612
-+msgid "Initgroups expiration time"
-+msgstr "Initgroups の期限切れ時間"
-
--#~ msgid "Attribute listing authorized PAM services"
--#~ msgstr "認可された PAM サービスを一覧化する属性"
-+#: src/tools/sssctl/sssctl_cache.c:650
-+msgid "Search by group ID"
-+msgstr "グループ ID で検索"
-
--#~ msgid "Attribute listing authorized server hosts"
--#~ msgstr "認可されたサーバーホストを一覧化する属性"
-+#: src/tools/sssctl/sssctl_config.c:112
-+#, c-format
-+msgid "Failed to open %s\n"
-+msgstr "%s を開くことに失敗しました\n"
-
--#~ msgid "Attribute listing authorized server rhosts"
--#~ msgstr "認可されたサーバー rhosts を一覧化する属性"
-+#: src/tools/sssctl/sssctl_config.c:117
-+#, c-format
-+msgid "File %1$s does not exist.\n"
-+msgstr "ファイル %1$s は存在しません。\n"
-
--#~ msgid "krbLastPwdChange attribute"
--#~ msgstr "krbLastPwdChange 属性"
-+#: src/tools/sssctl/sssctl_config.c:121
-+msgid ""
-+"File ownership and permissions check failed. Expected root:root and 0600.\n"
-+msgstr "ファイルの所有権とパーミッションの確認に失敗しました。予期される root:root および 0600。\n"
-
--#~ msgid "krbPasswordExpiration attribute"
--#~ msgstr "krbPasswordExpiration 属性"
-+#: src/tools/sssctl/sssctl_config.c:127
-+#, c-format
-+msgid "Failed to load configuration from %s.\n"
-+msgstr ""
-
--#~ msgid "Attribute indicating that server side password policies are active"
--#~ msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
-+#: src/tools/sssctl/sssctl_config.c:133
-+msgid "Error while reading configuration directory.\n"
-+msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n"
-
--#~ msgid "accountExpires attribute of AD"
--#~ msgstr "AD の accountExpires 属性"
-+#: src/tools/sssctl/sssctl_config.c:141
-+msgid ""
-+"There is no configuration. SSSD will use default configuration with files "
-+"provider.\n"
-+msgstr "設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用します。\n"
-
--#~ msgid "userAccountControl attribute of AD"
--#~ msgstr "AD の userAccountControl 属性"
-+#: src/tools/sssctl/sssctl_config.c:153
-+msgid "Failed to run validators"
-+msgstr "バリデーターの実行に失敗しました"
-
--#~ msgid "nsAccountLock attribute"
--#~ msgstr "nsAccountLock 属性"
-+#: src/tools/sssctl/sssctl_config.c:157
-+#, c-format
-+msgid "Issues identified by validators: %zu\n"
-+msgstr "バリデーターで特定された問題: %zu\n"
-
--#~ msgid "loginDisabled attribute of NDS"
--#~ msgstr "NDS の loginDisabled 属性"
-+#: src/tools/sssctl/sssctl_config.c:168
-+#, c-format
-+msgid "Messages generated during configuration merging: %zu\n"
-+msgstr "設定のマージ中に生成されたメッセージ: %zu\n"
-
--#~ msgid "loginExpirationTime attribute of NDS"
--#~ msgstr "NDS の loginExpirationTime 属性"
-+#: src/tools/sssctl/sssctl_config.c:179
-+#, c-format
-+msgid "Used configuration snippet files: %zu\n"
-+msgstr "使用された設定スニペットファイル: %zu\n"
-
--#~ msgid "loginAllowedTimeMap attribute of NDS"
--#~ msgstr "NDS の loginAllowedTimeMap 属性"
-+#: src/tools/sssctl/sssctl_data.c:89
-+#, c-format
-+msgid "Unable to create backup directory [%d]: %s"
-+msgstr "バックアップディレクトリー [%d] を作成できません: %s"
-
--#~ msgid "SSH public key attribute"
--#~ msgstr "SSH 公開鍵の属性"
-+#: src/tools/sssctl/sssctl_data.c:95
-+msgid "SSSD backup of local data already exists, override?"
-+msgstr "ローカルデータの SSSD バックアップはすでに存在しますが、上書きしますか?"
-
--#~ msgid "attribute listing allowed authentication types for a user"
--#~ msgstr "ユーザー用に許可された認証タイプを一覧化する属性"
-+#: src/tools/sssctl/sssctl_data.c:111
-+msgid "Unable to export user overrides\n"
-+msgstr "ユーザーの上書きをエクスポートできません\n"
-
--#~ msgid "attribute containing the X509 certificate of the user"
--#~ msgstr "ユーザーの X509 証明書を含む属性"
-+#: src/tools/sssctl/sssctl_data.c:118
-+msgid "Unable to export group overrides\n"
-+msgstr "グループの上書きをエクスポートできません\n"
-
--#~ msgid "attribute containing the email address of the user"
--#~ msgstr "ユーザーの電子メールアドレスを含む属性"
-+#: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
-+msgid "Override existing backup"
-+msgstr "既存のバックアップを上書き"
-
--#~ msgid "A list of extra attributes to download along with the user entry"
--#~ msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧"
-+#: src/tools/sssctl/sssctl_data.c:164
-+msgid "Unable to import user overrides\n"
-+msgstr "ユーザーの上書きをインポートできません\n"
-
--#~ msgid "Base DN for group lookups"
--#~ msgstr "グループ検索のベース DN"
-+#: src/tools/sssctl/sssctl_data.c:173
-+msgid "Unable to import group overrides\n"
-+msgstr "グループの上書きをインポートできません\n"
-
--#~ msgid "Objectclass for groups"
--#~ msgstr "グループのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
-+#: src/tools/sssctl/sssctl_domains.c:328
-+msgid "Start SSSD if it is not running"
-+msgstr "実行中でない場合、SSSD を開始します"
-
--#~ msgid "Group name"
--#~ msgstr "グループ名"
-+#: src/tools/sssctl/sssctl_data.c:195
-+msgid "Restart SSSD after data import"
-+msgstr "データのインポートの後、SSSD を再起動します"
-
--#~ msgid "Group password"
--#~ msgstr "グループのパスワード"
-+#: src/tools/sssctl/sssctl_data.c:218
-+msgid "Create clean cache files and import local data"
-+msgstr "クリーンなキャッシュファイルを作成し、ローカルデータをインポートします"
-
--#~ msgid "GID attribute"
--#~ msgstr "GID 属性"
-+#: src/tools/sssctl/sssctl_data.c:219
-+msgid "Stop SSSD before removing the cache"
-+msgstr "キャッシュを削除する前に SSSD を停止します"
-
--#~ msgid "Group member attribute"
--#~ msgstr "グループメンバー属性"
-+#: src/tools/sssctl/sssctl_data.c:220
-+msgid "Start SSSD when the cache is removed"
-+msgstr "キャッシュの削除後に SSSD を開始します"
-
--#~ msgid "Group UUID attribute"
--#~ msgstr "グループ UUID 属性"
-+#: src/tools/sssctl/sssctl_data.c:235
-+msgid "Creating backup of local data...\n"
-+msgstr "ローカルデータのバックアップを作成中...\n"
-
--#~ msgid "Modification time attribute for groups"
--#~ msgstr "グループの変更日時の属性"
-+#: src/tools/sssctl/sssctl_data.c:238
-+msgid "Unable to create backup of local data, can not remove the cache.\n"
-+msgstr "ローカルデータのバックアップの作成ができません。キャッシュを削除できません。\n"
-
--#~ msgid "Type of the group and other flags"
--#~ msgstr "グループおよび他のフラグのタイプ"
-+#: src/tools/sssctl/sssctl_data.c:243
-+msgid "Removing cache files...\n"
-+msgstr "キャッシュファイルの削除中...\n"
-
--#~ msgid "The LDAP group external member attribute"
--#~ msgstr "LDAP グループの外部メンバーの属性"
-+#: src/tools/sssctl/sssctl_data.c:246
-+msgid "Unable to remove cache files\n"
-+msgstr "キャッシュファイルを削除できません\n"
-
--#~ msgid "Maximum nesting level SSSD will follow"
--#~ msgstr "SSSD が従う最大ネストレベル"
-+#: src/tools/sssctl/sssctl_data.c:251
-+msgid "Restoring local data...\n"
-+msgstr "ローカルデータの復元中...\n"
-
--#~ msgid "Base DN for netgroup lookups"
--#~ msgstr "ネットグループ検索のベース DN"
-+#: src/tools/sssctl/sssctl_domains.c:83
-+msgid "Show domain list including primary or trusted domain type"
-+msgstr "プライマリーまたは信頼されたドメインタイプを含むドメインリストを表示します"
-
--#~ msgid "Objectclass for netgroups"
--#~ msgstr "ネットグループのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
-+#: src/tools/sssctl/sssctl_user_checks.c:95
-+msgid "Unable to connect to system bus!\n"
-+msgstr "システムバスに接続できません。\n"
-
--#~ msgid "Netgroup name"
--#~ msgstr "ネットグループ名"
-+#: src/tools/sssctl/sssctl_domains.c:167
-+msgid "Online"
-+msgstr "オンライン"
-
--#~ msgid "Netgroups members attribute"
--#~ msgstr "ネットグループメンバーの属性"
-+#: src/tools/sssctl/sssctl_domains.c:167
-+msgid "Offline"
-+msgstr "オフライン"
-
--#~ msgid "Netgroup triple attribute"
--#~ msgstr "ネットグループの三つ組の属性"
-+#: src/tools/sssctl/sssctl_domains.c:167
-+#, c-format
-+msgid "Online status: %s\n"
-+msgstr "オンライン状態: %s\n"
-
--#~ msgid "Modification time attribute for netgroups"
--#~ msgstr "ネットグループの変更日時の属性"
-+#: src/tools/sssctl/sssctl_domains.c:213
-+msgid "This domain has no active servers.\n"
-+msgstr "このドメインには、アクティブなサーバーはありません。\n"
-
--#~ msgid "Base DN for service lookups"
--#~ msgstr "サービス検索のベース DN"
-+#: src/tools/sssctl/sssctl_domains.c:218
-+msgid "Active servers:\n"
-+msgstr "アクティブサーバー:\n"
-
--#~ msgid "Objectclass for services"
--#~ msgstr "サービスのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl_domains.c:230
-+msgid "not connected"
-+msgstr "接続していません"
-
--#~ msgid "Service name attribute"
--#~ msgstr "サービス名の属性"
-+#: src/tools/sssctl/sssctl_domains.c:267
-+msgid "No servers discovered.\n"
-+msgstr "サーバーが見つかりません。\n"
-
--#~ msgid "Service port attribute"
--#~ msgstr "サービスポートの属性"
-+#: src/tools/sssctl/sssctl_domains.c:273
-+#, c-format
-+msgid "Discovered %s servers:\n"
-+msgstr "%s サーバーが見つかりました:\n"
-
--#~ msgid "Service protocol attribute"
--#~ msgstr "サービスプロトコルの属性"
-+#: src/tools/sssctl/sssctl_domains.c:285
-+msgid "None so far.\n"
-+msgstr "今のところありません。\n"
-
--#~ msgid "Lower bound for ID-mapping"
--#~ msgstr "ID マッピングの下限"
-+#: src/tools/sssctl/sssctl_domains.c:325
-+msgid "Show online status"
-+msgstr "オンライン状態を表示"
-
--#~ msgid "Upper bound for ID-mapping"
--#~ msgstr "ID マッピングの上限"
-+#: src/tools/sssctl/sssctl_domains.c:326
-+msgid "Show information about active server"
-+msgstr "アクティブサーバーに関する情報の表示"
-
--#~ msgid "Number of IDs for each slice when ID-mapping"
--#~ msgstr "ID マッピングするとき、各スライスに対する ID の数"
-+#: src/tools/sssctl/sssctl_domains.c:327
-+msgid "Show list of discovered servers"
-+msgstr "見つかったサーバーに関する一覧を表示"
-
--#~ msgid "Use autorid-compatible algorithm for ID-mapping"
--#~ msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
-+#: src/tools/sssctl/sssctl_domains.c:333
-+msgid "Specify domain name."
-+msgstr "ドメイン名を指定します。"
-
--#~ msgid "Name of the default domain for ID-mapping"
--#~ msgstr "ID マッピングに対するデフォルトドメインの名前"
-+#: src/tools/sssctl/sssctl_domains.c:355
-+msgid "Out of memory!\n"
-+msgstr "メモリーの空き容量がありません。\n"
-
--#~ msgid "SID of the default domain for ID-mapping"
--#~ msgstr "ID マッピングに対するデフォルトドメインの SID"
-+#: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
-+msgid "Unable to get online status\n"
-+msgstr "オンライン状態を取得できません\n"
-
--#~ msgid "Number of secondary slices"
--#~ msgstr "セカンダリースライスの数"
-+#: src/tools/sssctl/sssctl_domains.c:395
-+msgid "Unable to get server list\n"
-+msgstr "サーバー一覧を取得できません\n"
-
--#~ msgid "Whether to use Token-Groups"
--#~ msgstr "Token-Group を使うかどうか"
-+#: src/tools/sssctl/sssctl_logs.c:46
-+msgid "\n"
-+msgstr "\n"
-
--#~ msgid "Set lower boundary for allowed IDs from the LDAP server"
--#~ msgstr "LDAP サーバーから許可される ID の下限の設定"
-+#: src/tools/sssctl/sssctl_logs.c:236
-+msgid "Delete log files instead of truncating"
-+msgstr "切り捨てる代わりにログファイルを削除します"
-
--#~ msgid "Set upper boundary for allowed IDs from the LDAP server"
--#~ msgstr "LDAP サーバーから許可される ID の上限の設定"
-+#: src/tools/sssctl/sssctl_logs.c:247
-+msgid "Deleting log files...\n"
-+msgstr "ログファイルを削除中...\n"
-
--#~ msgid "DN for ppolicy queries"
--#~ msgstr "ppolicy クエリーの DN"
-+#: src/tools/sssctl/sssctl_logs.c:250
-+msgid "Unable to remove log files\n"
-+msgstr "ログファイルを削除できません\n"
-
--#~ msgid "How many maximum entries to fetch during a wildcard request"
--#~ msgstr "ワイルドカードの要求の間に取得する最大エントリーの数"
-+#: src/tools/sssctl/sssctl_logs.c:256
-+msgid "Truncating log files...\n"
-+msgstr "ログファイルを切り捨てます...\n"
-
--#~ msgid "Policy to evaluate the password expiration"
--#~ msgstr "パスワード失効の評価のポリシー"
-+#: src/tools/sssctl/sssctl_logs.c:259
-+msgid "Unable to truncate log files\n"
-+msgstr "ログファイルの切り捨てができません\n"
-
--#~ msgid "Which attributes shall be used to evaluate if an account is expired"
--#~ msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
-+#: src/tools/sssctl/sssctl_logs.c:285
-+msgid "Out of memory!"
-+msgstr "メモリーの空き容量がありません。"
-
--#~ msgid "Which rules should be used to evaluate access control"
--#~ msgstr "どのルールがアクセス制御を評価するために使用されるか"
-+#: src/tools/sssctl/sssctl_logs.c:288
-+#, c-format
-+msgid "Archiving log files into %s...\n"
-+msgstr "ログファイルを %s へアーカイブ中...\n"
-
--#~ msgid "URI of an LDAP server where password changes are allowed"
--#~ msgstr "パスワードの変更が許可される LDAP サーバーの URI"
-+#: src/tools/sssctl/sssctl_logs.c:291
-+msgid "Unable to archive log files\n"
-+msgstr "ログファイルのアーカイブができません\n"
-
--#~ msgid "URI of a backup LDAP server where password changes are allowed"
--#~ msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
-+#: src/tools/sssctl/sssctl_logs.c:316
-+msgid "Specify debug level you want to set"
-+msgstr "設定したいデバッグレベルを指定します"
-
--#~ msgid "DNS service name for LDAP password change server"
--#~ msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
-+#: src/tools/sssctl/sssctl_user_checks.c:117
-+msgid "SSSD InfoPipe user lookup result:\n"
-+msgstr "SSSD InfoPipe ユーザー検索の結果:\n"
-
--#~ msgid ""
--#~ "Whether to update the ldap_user_shadow_last_change attribute after a "
--#~ "password change"
--#~ msgstr ""
--#~ "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
-+#: src/tools/sssctl/sssctl_user_checks.c:167
-+#, c-format
-+msgid "dlopen failed with [%s].\n"
-+msgstr "dlopen は [%s] で失敗しました。\n"
-
--#~ msgid "Base DN for sudo rules lookups"
--#~ msgstr "sudo ルール検索のベース DN"
-+#: src/tools/sssctl/sssctl_user_checks.c:174
-+#, c-format
-+msgid "dlsym failed with [%s].\n"
-+msgstr "dlsym は [%s] で失敗しました。\n"
-
--#~ msgid "Automatic full refresh period"
--#~ msgstr "自動的な完全更新間隔"
-+#: src/tools/sssctl/sssctl_user_checks.c:182
-+msgid "malloc failed.\n"
-+msgstr "malloc は失敗しました。\n"
-
--#~ msgid "Automatic smart refresh period"
--#~ msgstr "自動的なスマート更新間隔"
-+#: src/tools/sssctl/sssctl_user_checks.c:189
-+#, c-format
-+msgid "sss_getpwnam_r failed with [%d].\n"
-+msgstr "sss_getpwnam_r が [%d] で失敗しました。\n"
-
--#~ msgid "Whether to filter rules by hostname, IP addresses and network"
--#~ msgstr ""
--#~ "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するか"
--#~ "どうか"
-+#: src/tools/sssctl/sssctl_user_checks.c:194
-+msgid "SSSD nss user lookup result:\n"
-+msgstr "SSSD nss ユーザー検索の結果:\n"
-
--#~ msgid ""
--#~ "Hostnames and/or fully qualified domain names of this machine to filter "
--#~ "sudo rules"
--#~ msgstr ""
--#~ "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイ"
--#~ "ン名"
-+#: src/tools/sssctl/sssctl_user_checks.c:195
-+#, c-format
-+msgid " - user name: %s\n"
-+msgstr " - user name: %s\n"
-
--#~ msgid ""
--#~ "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
--#~ msgstr ""
--#~ "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたは"
--#~ "ネットワーク"
-+#: src/tools/sssctl/sssctl_user_checks.c:196
-+#, c-format
-+msgid " - user id: %d\n"
-+msgstr " - user id: %d\n"
-
--#~ msgid "Whether to include rules that contains netgroup in host attribute"
--#~ msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
-+#: src/tools/sssctl/sssctl_user_checks.c:197
-+#, c-format
-+msgid " - group id: %d\n"
-+msgstr " - group id: %d\n"
-
--#~ msgid ""
--#~ "Whether to include rules that contains regular expression in host "
--#~ "attribute"
--#~ msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
-+#: src/tools/sssctl/sssctl_user_checks.c:198
-+#, c-format
-+msgid " - gecos: %s\n"
-+msgstr " - gecos: %s\n"
-
--#~ msgid "Object class for sudo rules"
--#~ msgstr "sudo ルールのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl_user_checks.c:199
-+#, c-format
-+msgid " - home directory: %s\n"
-+msgstr " - home directory: %s\n"
-
--#~ msgid "Name of attribute that is used as object class for sudo rules"
--#~ msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前"
-+#: src/tools/sssctl/sssctl_user_checks.c:200
-+#, c-format
-+msgid " - shell: %s\n"
-+"\n"
-+msgstr " - shell: %s\n"
-+"\n"
-
--#~ msgid "Sudo rule name"
--#~ msgstr "sudo ルール名"
-+#: src/tools/sssctl/sssctl_user_checks.c:232
-+msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
-+msgstr "PAM アクション [auth|acct|setc|chau|open|clos]、デフォルト: "
-
--#~ msgid "Sudo rule command attribute"
--#~ msgstr "sudo ルールのコマンドの属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:235
-+msgid "PAM service, default: "
-+msgstr "PAM サービス、デフォルト: "
-
--#~ msgid "Sudo rule host attribute"
--#~ msgstr "sudo ルールのホストの属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:240
-+msgid "Specify user name."
-+msgstr "ユーザー名を指定します。"
-
--#~ msgid "Sudo rule user attribute"
--#~ msgstr "sudo ルールのユーザーの属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:247
-+#, c-format
-+msgid "user: %s\n"
-+"action: %s\n"
-+"service: %s\n"
-+"\n"
-+msgstr "ユーザー: %s\n"
-+"アクション: %s\n"
-+"サービス: %s\n"
-+"\n"
-
--#~ msgid "Sudo rule option attribute"
--#~ msgstr "sudo ルールのオプションの属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:252
-+#, c-format
-+msgid "User name lookup with [%s] failed.\n"
-+msgstr "[%s] でのユーザー名の検索に失敗しました。\n"
-
--#~ msgid "Sudo rule runas attribute"
--#~ msgstr "sudo ルールの runas の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:257
-+#, c-format
-+msgid "InfoPipe User lookup with [%s] failed.\n"
-+msgstr "[%s] での InfoPipe ユーザーの検索に失敗しました。\n"
-
--#~ msgid "Sudo rule runasuser attribute"
--#~ msgstr "sudo ルールの runasuser の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:263
-+#, c-format
-+msgid "pam_start failed: %s\n"
-+msgstr "pam_start に失敗しました: %s\n"
-
--#~ msgid "Sudo rule runasgroup attribute"
--#~ msgstr "sudo ルールの runasgroup の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:268
-+msgid "testing pam_authenticate\n"
-+"\n"
-+msgstr "pam_authenticate のテスト中\n"
-+"\n"
-
--#~ msgid "Sudo rule notbefore attribute"
--#~ msgstr "sudo ルールの notbefore の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:272
-+#, c-format
-+msgid "pam_get_item failed: %s\n"
-+msgstr "pam_get_item に失敗しました: %s\n"
-
--#~ msgid "Sudo rule notafter attribute"
--#~ msgstr "sudo ルールの notafter の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:275
-+#, c-format
-+msgid "pam_authenticate for user [%s]: %s\n"
-+"\n"
-+msgstr "ユーザー [%s] 向けの pam_authenticate: %s\n"
-+"\n"
-
--#~ msgid "Sudo rule order attribute"
--#~ msgstr "sudo ルールの order の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:278
-+msgid "testing pam_chauthtok\n"
-+"\n"
-+msgstr "pam_chauthtok のテスト中\n"
-+"\n"
-
--#~ msgid "Object class for automounter maps"
--#~ msgstr "automounter マップのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl_user_checks.c:280
-+#, c-format
-+msgid "pam_chauthtok: %s\n"
-+"\n"
-+msgstr "pam_chauthtok: %s\n"
-+"\n"
-
--#~ msgid "Automounter map name attribute"
--#~ msgstr "オートマウントのマップ名の属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:282
-+msgid "testing pam_acct_mgmt\n"
-+"\n"
-+msgstr "pam_acct_mgmt のテスト中\n"
-+"\n"
-
--#~ msgid "Object class for automounter map entries"
--#~ msgstr "automounter マップエントリーのオブジェクトクラス"
-+#: src/tools/sssctl/sssctl_user_checks.c:284
-+#, c-format
-+msgid "pam_acct_mgmt: %s\n"
-+"\n"
-+msgstr "pam_acct_mgmt: %s\n"
-+"\n"
-
--#~ msgid "Automounter map entry key attribute"
--#~ msgstr "automounter マップエントリーの鍵属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:286
-+msgid "testing pam_setcred\n"
-+"\n"
-+msgstr "pam_setcred のテスト中\n"
-+"\n"
-
--#~ msgid "Automounter map entry value attribute"
--#~ msgstr "automounter マップエントリーの値属性"
-+#: src/tools/sssctl/sssctl_user_checks.c:288
-+#, c-format
-+msgid "pam_setcred: [%s]\n"
-+"\n"
-+msgstr "pam_setcred: [%s]\n"
-+"\n"
-
--#~ msgid "Base DN for automounter map lookups"
--#~ msgstr "automonter のマップ検索のベース DN"
-+#: src/tools/sssctl/sssctl_user_checks.c:290
-+msgid "testing pam_open_session\n"
-+"\n"
-+msgstr "pam_open_session のテスト中\n"
-+"\n"
-
--#~ msgid "Comma separated list of allowed users"
--#~ msgstr "許可ユーザーのカンマ区切り一覧"
-+#: src/tools/sssctl/sssctl_user_checks.c:292
-+#, c-format
-+msgid "pam_open_session: %s\n"
-+"\n"
-+msgstr "pam_open_session: %s\n"
-+"\n"
-
--#~ msgid "Comma separated list of prohibited users"
--#~ msgstr "禁止ユーザーのカンマ区切り一覧"
-+#: src/tools/sssctl/sssctl_user_checks.c:294
-+msgid "testing pam_close_session\n"
-+"\n"
-+msgstr "pam_close_session のテスト中\n"
-+"\n"
-
--#~ msgid "Default shell, /bin/bash"
--#~ msgstr "デフォルトのシェル, /bin/bash"
-+#: src/tools/sssctl/sssctl_user_checks.c:296
-+#, c-format
-+msgid "pam_close_session: %s\n"
-+"\n"
-+msgstr "pam_close_session: %s\n"
-+"\n"
-
--#~ msgid "Base for home directories"
--#~ msgstr "ホームディレクトリーのベース"
-+#: src/tools/sssctl/sssctl_user_checks.c:298
-+msgid "unknown action\n"
-+msgstr "不明なアクション\n"
-
--#~ msgid "The number of preforked proxy children."
--#~ msgstr "事前にフォークされた子プロキシーの数。"
-+#: src/tools/sssctl/sssctl_user_checks.c:301
-+msgid "PAM Environment:\n"
-+msgstr "PAM 環境:\n"
-
--#~ msgid "The name of the NSS library to use"
--#~ msgstr "使用する NSS ライブラリーの名前"
-+#: src/tools/sssctl/sssctl_user_checks.c:309
-+msgid " - no env -\n"
-+msgstr " - no env -\n"
-
--#~ msgid "Whether to look up canonical group name from cache if possible"
--#~ msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
-+#: src/util/util.h:82
-+msgid "The user ID to run the server as"
-+msgstr "次のようにサーバーを実行するユーザー ID"
-
--#~ msgid "PAM stack to use"
--#~ msgstr "使用する PAM スタック"
-+#: src/util/util.h:84
-+msgid "The group ID to run the server as"
-+msgstr "次のようにサーバーを実行するグループ ID"
-
--#~ msgid "Path of passwd file sources."
--#~ msgstr "passwd ファイルソースへのパス"
-+#: src/util/util.h:92
-+msgid "Informs that the responder has been socket-activated"
-+msgstr "レスポンダーがソケットでアクティベートされたと知らせます"
-
--#~ msgid "Path of group file sources."
--#~ msgstr "グループファイルソースへのパス"
-+#: src/util/util.h:94
-+msgid "Informs that the responder has been dbus-activated"
-+msgstr "レスポンダーが dbus でアクティベートされたと知らせます"
-diff --git a/po/sssd.pot b/po/sssd.pot
-index 04a6fb83f..83b388a02 100644
---- a/po/sssd.pot
-+++ b/po/sssd.pot
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2020-05-19 12:05+0200\n"
-+"POT-Creation-Date: 2020-06-17 22:51+0200\n"
- "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
- "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
- "Language-Team: LANGUAGE <LL@li.org>\n"
-@@ -17,6 +17,1801 @@ msgstr ""
- "Content-Type: text/plain; charset=CHARSET\n"
- "Content-Transfer-Encoding: 8bit\n"
-
-+#: src/config/SSSDConfig/sssdoptions.py:20
-+#: src/config/SSSDConfig/sssdoptions.py:21
-+msgid "Set the verbosity of the debug logging"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:22
-+msgid "Include timestamps in debug logs"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:23
-+msgid "Include microseconds in timestamps in debug logs"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:24
-+msgid "Write debug messages to logfiles"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:25
-+msgid "Watchdog timeout before restarting service"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:26
-+msgid "Command to start service"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:27
-+msgid "Number of times to attempt connection to Data Providers"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:28
-+msgid "The number of file descriptors that may be opened by this responder"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:29
-+msgid "Idle time before automatic disconnection of a client"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:30
-+msgid "Idle time before automatic shutdown of the responder"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:31
-+msgid "Always query all the caches before querying the Data Providers"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:32
-+msgid ""
-+"When SSSD switches to offline mode the amount of time before it tries to go "
-+"back online will increase based upon the time spent disconnected. This value "
-+"is in seconds and calculated by the following: offline_timeout + "
-+"random_offset."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:38
-+msgid ""
-+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-+"version 2."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:39
-+msgid "SSSD Services to start"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:40
-+msgid "SSSD Domains to start"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:41
-+msgid "Timeout for messages sent over the SBUS"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:42
-+msgid "Regex to parse username and domain"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:43
-+msgid "Printf-compatible format for displaying fully-qualified names"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:44
-+msgid ""
-+"Directory on the filesystem where SSSD should store Kerberos replay cache "
-+"files."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:45
-+msgid "Domain to add to names without a domain component."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:46
-+msgid "The user to drop privileges to"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:47
-+msgid "Tune certificate verification"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:48
-+msgid "All spaces in group or user names will be replaced with this character"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:49
-+msgid "Tune sssd to honor or ignore netlink state changes"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:50
-+msgid "Enable or disable the implicit files domain"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:51
-+msgid "A specific order of the domains to be looked up"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:52
-+msgid ""
-+"Controls if SSSD should monitor the state of resolv.conf to identify when it "
-+"needs to update its internal DNS resolver."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:54
-+msgid ""
-+"SSSD monitors the state of resolv.conf to identify when it needs to update "
-+"its internal DNS resolver. By default, we will attempt to use inotify for "
-+"this, and will fall back to polling resolv.conf every five seconds if "
-+"inotify cannot be used."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:59
-+msgid "Enumeration cache timeout length (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:60
-+msgid "Entry cache background update timeout length (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:61
-+#: src/config/SSSDConfig/sssdoptions.py:112
-+msgid "Negative cache timeout length (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:62
-+msgid "Files negative cache timeout length (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:63
-+msgid "Users that SSSD should explicitly ignore"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:64
-+msgid "Groups that SSSD should explicitly ignore"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:65
-+msgid "Should filtered users appear in groups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:66
-+msgid "The value of the password field the NSS provider should return"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:67
-+msgid "Override homedir value from the identity provider with this value"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:68
-+msgid ""
-+"Substitute empty homedir value from the identity provider with this value"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:69
-+msgid "Override shell value from the identity provider with this value"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:70
-+msgid "The list of shells users are allowed to log in with"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:71
-+msgid ""
-+"The list of shells that will be vetoed, and replaced with the fallback shell"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:72
-+msgid ""
-+"If a shell stored in central directory is allowed but not available, use "
-+"this fallback"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:73
-+msgid "Shell to use if the provider does not list one"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:74
-+msgid "How long will be in-memory cache records valid"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:75
-+msgid ""
-+"The value of this option will be used in the expansion of the "
-+"override_homedir option if the template contains the format string %H."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:77
-+msgid ""
-+"Specifies time in seconds for which the list of subdomains will be "
-+"considered valid."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:79
-+msgid ""
-+"The entry cache can be set to automatically update entries in the background "
-+"if they are requested beyond a percentage of the entry_cache_timeout value "
-+"for the domain."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:84
-+msgid "How long to allow cached logins between online logins (days)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:85
-+msgid "How many failed logins attempts are allowed when offline"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:87
-+msgid ""
-+"How long (minutes) to deny login after offline_failed_login_attempts has "
-+"been reached"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:88
-+msgid "What kind of messages are displayed to the user during authentication"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:89
-+msgid "Filter PAM responses sent to the pam_sss"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:90
-+msgid "How many seconds to keep identity information cached for PAM requests"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:91
-+msgid "How many days before password expiration a warning should be displayed"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:92
-+msgid "List of trusted uids or user's name"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:93
-+msgid "List of domains accessible even for untrusted users."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:94
-+msgid "Message printed when user account is expired."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:95
-+msgid "Message printed when user account is locked."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:96
-+msgid "Allow certificate based/Smartcard authentication."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:97
-+msgid "Path to certificate database with PKCS#11 modules."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:98
-+msgid "How many seconds will pam_sss wait for p11_child to finish"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:99
-+msgid "Which PAM services are permitted to contact application domains"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:100
-+msgid "Allowed services for using smartcards"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:101
-+msgid "Additional timeout to wait for a card if requested"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:102
-+msgid ""
-+"PKCS#11 URI to restrict the selection of devices for Smartcard authentication"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:103
-+msgid "When shall the PAM responder force an initgroups request"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:106
-+msgid "Whether to evaluate the time-based attributes in sudo rules"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:107
-+msgid "If true, SSSD will switch back to lower-wins ordering logic"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:108
-+msgid ""
-+"Maximum number of rules that can be refreshed at once. If this is exceeded, "
-+"full refresh is performed."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:115
-+msgid "Whether to hash host names and addresses in the known_hosts file"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:116
-+msgid ""
-+"How many seconds to keep a host in the known_hosts file after its host keys "
-+"were requested"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:118
-+msgid "Path to storage of trusted CA certificates"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:119
-+msgid "Allow to generate ssh-keys from certificates"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:120
-+msgid ""
-+"Use the following matching rules to filter the certificates for ssh-key "
-+"generation"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:124
-+msgid "List of UIDs or user names allowed to access the PAC responder"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:125
-+msgid "How long the PAC data is considered valid"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:128
-+msgid "List of user attributes the InfoPipe is allowed to publish"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:131
-+msgid "The provider where the secrets will be stored in"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:132
-+msgid "The maximum allowed number of nested containers"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:133
-+msgid "The maximum number of secrets that can be stored"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:134
-+msgid "The maximum number of secrets that can be stored per UID"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:135
-+msgid "The maximum payload size of a secret in kilobytes"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:137
-+msgid "The URL Custodia server is listening on"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:138
-+msgid "The method to use when authenticating to a Custodia server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:139
-+msgid ""
-+"The name of the headers that will be added into a HTTP request with the "
-+"value defined in auth_header_value"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:141
-+msgid "The value sssd-secrets would use for auth_header_name"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:142
-+msgid ""
-+"The list of the headers to forward to the Custodia server together with the "
-+"request"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:143
-+msgid ""
-+"The username to use when authenticating to a Custodia server using basic_auth"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:144
-+msgid ""
-+"The password to use when authenticating to a Custodia server using basic_auth"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:145
-+msgid "If true peer's certificate is verified if proxy_url uses https protocol"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:146
-+msgid ""
-+"If false peer's certificate may contain different hostname than proxy_url "
-+"when https protocol is used"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:148
-+msgid "Path to directory where certificate authority certificates are stored"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:149
-+msgid "Path to file containing server's CA certificate"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:150
-+msgid "Path to file containing client's certificate"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:151
-+msgid "Path to file containing client's private key"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:154
-+msgid ""
-+"One of the following strings specifying the scope of session recording: none "
-+"- No users are recorded. some - Users/groups specified by users and groups "
-+"options are recorded. all - All users are recorded."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:157
-+msgid ""
-+"A comma-separated list of users which should have session recording enabled. "
-+"Matches user names as returned by NSS. I.e. after the possible space "
-+"replacement, case changes, etc."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:159
-+msgid ""
-+"A comma-separated list of groups, members of which should have session "
-+"recording enabled. Matches group names as returned by NSS. I.e. after the "
-+"possible space replacement, case changes, etc."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:164
-+msgid "Identity provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:165
-+msgid "Authentication provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:166
-+msgid "Access control provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:167
-+msgid "Password change provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:168
-+msgid "SUDO provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:169
-+msgid "Autofs provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:170
-+msgid "Host identity provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:171
-+msgid "SELinux provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:172
-+msgid "Session management provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:173
-+msgid "Resolver provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:176
-+msgid "Whether the domain is usable by the OS or by applications"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:177
-+msgid "Minimum user ID"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:178
-+msgid "Maximum user ID"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:179
-+msgid "Enable enumerating all users/groups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:180
-+msgid "Cache credentials for offline login"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:181
-+msgid "Display users/groups in fully-qualified form"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:182
-+msgid "Don't include group members in group lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:183
-+#: src/config/SSSDConfig/sssdoptions.py:193
-+#: src/config/SSSDConfig/sssdoptions.py:194
-+#: src/config/SSSDConfig/sssdoptions.py:195
-+#: src/config/SSSDConfig/sssdoptions.py:196
-+#: src/config/SSSDConfig/sssdoptions.py:197
-+#: src/config/SSSDConfig/sssdoptions.py:198
-+#: src/config/SSSDConfig/sssdoptions.py:199
-+msgid "Entry cache timeout length (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:184
-+msgid ""
-+"Restrict or prefer a specific address family when performing DNS lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:185
-+msgid "How long to keep cached entries after last successful login (days)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:186
-+msgid ""
-+"How long should SSSD talk to single DNS server before trying next server "
-+"(miliseconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:188
-+msgid "How long should keep trying to resolve single DNS query (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:189
-+msgid "How long to wait for replies from DNS when resolving servers (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:190
-+msgid "The domain part of service discovery DNS query"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:191
-+msgid "Override GID value from the identity provider with this value"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:192
-+msgid "Treat usernames as case sensitive"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:200
-+msgid "How often should expired entries be refreshed in background"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:201
-+msgid "Whether to automatically update the client's DNS entry"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:202
-+#: src/config/SSSDConfig/sssdoptions.py:232
-+msgid "The TTL to apply to the client's DNS entry after updating it"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:203
-+#: src/config/SSSDConfig/sssdoptions.py:233
-+msgid "The interface whose IP should be used for dynamic DNS updates"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:204
-+msgid "How often to periodically update the client's DNS entry"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:205
-+msgid "Whether the provider should explicitly update the PTR record as well"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:206
-+msgid "Whether the nsupdate utility should default to using TCP"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:207
-+msgid "What kind of authentication should be used to perform the DNS update"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:208
-+msgid "Override the DNS server used to perform the DNS update"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:209
-+msgid "Control enumeration of trusted domains"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:210
-+msgid "How often should subdomains list be refreshed"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:211
-+msgid "List of options that should be inherited into a subdomain"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:212
-+msgid "Default subdomain homedir value"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:213
-+msgid "How long can cached credentials be used for cached authentication"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:214
-+msgid "Whether to automatically create private groups for users"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:215
-+msgid "Display a warning N days before the password expires."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:216
-+msgid ""
-+"Various tags stored by the realmd configuration service for this domain."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:217
-+msgid ""
-+"The provider which should handle fetching of subdomains. This value should "
-+"be always the same as id_provider."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:219
-+msgid ""
-+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
-+"the host key for."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:221
-+msgid ""
-+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
-+"this value determines the minimal length the first authentication factor "
-+"(long term password) must have to be saved as SHA512 hash into the cache."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:227
-+msgid "IPA domain"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:228
-+msgid "IPA server address"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:229
-+msgid "Address of backup IPA server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:230
-+msgid "IPA client hostname"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:231
-+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:234
-+msgid "Search base for HBAC related objects"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:235
-+msgid ""
-+"The amount of time between lookups of the HBAC rules against the IPA server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:236
-+msgid ""
-+"The amount of time in seconds between lookups of the SELinux maps against "
-+"the IPA server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:238
-+msgid "If set to false, host argument given by PAM will be ignored"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:239
-+msgid "The automounter location this IPA client is using"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:240
-+msgid "Search base for object containing info about IPA domain"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:241
-+msgid "Search base for objects containing info about ID ranges"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:242
-+#: src/config/SSSDConfig/sssdoptions.py:296
-+msgid "Enable DNS sites - location based service discovery"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:243
-+msgid "Search base for view containers"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:244
-+msgid "Objectclass for view containers"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:245
-+msgid "Attribute with the name of the view"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:246
-+msgid "Objectclass for override objects"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:247
-+msgid "Attribute with the reference to the original object"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:248
-+msgid "Objectclass for user override objects"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:249
-+msgid "Objectclass for group override objects"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:250
-+msgid "Search base for Desktop Profile related objects"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:251
-+msgid ""
-+"The amount of time in seconds between lookups of the Desktop Profile rules "
-+"against the IPA server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:253
-+msgid ""
-+"The amount of time in minutes between lookups of Desktop Profiles rules "
-+"against the IPA server when the last request did not find any rule"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:256
-+msgid "The LDAP attribute that contains FQDN of the host."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:257
-+#: src/config/SSSDConfig/sssdoptions.py:280
-+msgid "The object class of a host entry in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:258
-+msgid "Use the given string as search base for host objects."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:259
-+msgid "The LDAP attribute that contains the host's SSH public keys."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:260
-+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:261
-+msgid "The LDAP attribute that contains the names of the netgroup's members."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:262
-+msgid ""
-+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-+"members of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:264
-+msgid ""
-+"The LDAP attribute that lists hosts and host groups that are direct members "
-+"of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:266
-+msgid "The LDAP attribute that lists netgroup's memberships."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:267
-+msgid ""
-+"The LDAP attribute that lists system users and groups that are direct "
-+"members of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:269
-+msgid "The LDAP attribute that corresponds to the netgroup name."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:270
-+msgid "The object class of a netgroup entry in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:271
-+msgid ""
-+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:272
-+msgid ""
-+"The LDAP attribute that contains whether or not is user map enabled for "
-+"usage."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:274
-+msgid "The LDAP attribute that contains host category such as 'all'."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:275
-+msgid ""
-+"The LDAP attribute that contains all hosts / hostgroups this rule match "
-+"against."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:277
-+msgid ""
-+"The LDAP attribute that contains all users / groups this rule match against."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:279
-+msgid "The LDAP attribute that contains the name of SELinux usermap."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:281
-+msgid ""
-+"The LDAP attribute that contains DN of HBAC rule which can be used for "
-+"matching instead of memberUser and memberHost."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:283
-+msgid "The LDAP attribute that contains SELinux user string itself."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:284
-+msgid "The LDAP attribute that contains user category such as 'all'."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:285
-+msgid "The LDAP attribute that contains unique ID of the user map."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:286
-+msgid ""
-+"The option denotes that the SSSD is running on IPA server and should perform "
-+"lookups of users and groups from trusted domains differently."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:288
-+msgid "Use the given string as search base for trusted domains."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:291
-+msgid "Active Directory domain"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:292
-+msgid "Enabled Active Directory domains"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:293
-+msgid "Active Directory server address"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:294
-+msgid "Active Directory backup server address"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:295
-+msgid "Active Directory client hostname"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:297
-+#: src/config/SSSDConfig/sssdoptions.py:488
-+msgid "LDAP filter to determine access privileges"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:298
-+msgid "Whether to use the Global Catalog for lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:299
-+msgid "Operation mode for GPO-based access control"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:300
-+msgid ""
-+"The amount of time between lookups of the GPO policy files against the AD "
-+"server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:301
-+msgid ""
-+"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
-+"settings"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:303
-+msgid ""
-+"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
-+"policy settings"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:305
-+msgid ""
-+"PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:306
-+msgid ""
-+"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:307
-+msgid ""
-+"PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:308
-+msgid "PAM service names for which GPO-based access is always granted"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:309
-+msgid "PAM service names for which GPO-based access is always denied"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:310
-+msgid ""
-+"Default logon right (or permit/deny) to use for unmapped PAM service names"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:311
-+msgid "a particular site to be used by the client"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:312
-+msgid ""
-+"Maximum age in days before the machine account password should be renewed"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:314
-+msgid "Option for tuning the machine account renewal task"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:315
-+msgid "Whether to update the machine account password in the Samba database"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:317
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:320
-+#: src/config/SSSDConfig/sssdoptions.py:321
-+msgid "Kerberos server address"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:322
-+msgid "Kerberos backup server address"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:323
-+msgid "Kerberos realm"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:324
-+msgid "Authentication timeout"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:325
-+msgid "Whether to create kdcinfo files"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:326
-+msgid "Where to drop krb5 config snippets"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:329
-+msgid "Directory to store credential caches"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:330
-+msgid "Location of the user's credential cache"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:331
-+msgid "Location of the keytab to validate credentials"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:332
-+msgid "Enable credential validation"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:333
-+msgid "Store password if offline for later online authentication"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:334
-+msgid "Renewable lifetime of the TGT"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:335
-+msgid "Lifetime of the TGT"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:336
-+msgid "Time between two checks for renewal"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:337
-+msgid "Enables FAST"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:338
-+msgid "Selects the principal to use for FAST"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:339
-+msgid "Enables principal canonicalization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:340
-+msgid "Enables enterprise principals"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:341
-+msgid "A mapping from user names to Kerberos principal names"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:344
-+#: src/config/SSSDConfig/sssdoptions.py:345
-+msgid "Server where the change password service is running if not on the KDC"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:348
-+msgid "ldap_uri, The URI of the LDAP server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:349
-+msgid "ldap_backup_uri, The URI of the LDAP server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:350
-+msgid "The default base DN"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:351
-+msgid "The Schema Type in use on the LDAP server, rfc2307"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:352
-+msgid "Mode used to change user password"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:353
-+msgid "The default bind DN"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:354
-+msgid "The type of the authentication token of the default bind DN"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:355
-+msgid "The authentication token of the default bind DN"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:356
-+msgid "Length of time to attempt connection"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:357
-+msgid "Length of time to attempt synchronous LDAP operations"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:358
-+msgid "Length of time between attempts to reconnect while offline"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:359
-+msgid "Use only the upper case for realm names"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:360
-+msgid "File that contains CA certificates"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:361
-+msgid "Path to CA certificate directory"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:362
-+msgid "File that contains the client certificate"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:363
-+msgid "File that contains the client key"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:364
-+msgid "List of possible ciphers suites"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:365
-+msgid "Require TLS certificate verification"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:366
-+msgid "Specify the sasl mechanism to use"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:367
-+msgid "Specify the sasl authorization id to use"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:368
-+msgid "Specify the sasl authorization realm to use"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:369
-+msgid "Specify the minimal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:370
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:371
-+msgid "Kerberos service keytab"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:372
-+msgid "Use Kerberos auth for LDAP connection"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:373
-+msgid "Follow LDAP referrals"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:374
-+msgid "Lifetime of TGT for LDAP connection"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:375
-+msgid "How to dereference aliases"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:376
-+msgid "Service name for DNS service lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:377
-+msgid "The number of records to retrieve in a single LDAP query"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:378
-+msgid "The number of members that must be missing to trigger a full deref"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:379
-+msgid ""
-+"Whether the LDAP library should perform a reverse lookup to canonicalize the "
-+"host name during a SASL bind"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:381
-+msgid ""
-+"Allows to retain local users as members of an LDAP group for servers that "
-+"use the RFC2307 schema."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:384
-+msgid "entryUSN attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:385
-+msgid "lastUSN attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:387
-+msgid "How long to retain a connection to the LDAP server before disconnecting"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:390
-+msgid "Disable the LDAP paging control"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:391
-+msgid "Disable Active Directory range retrieval"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:394
-+msgid "Length of time to wait for a search request"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:395
-+msgid "Length of time to wait for a enumeration request"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:396
-+msgid "Length of time between enumeration updates"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:397
-+msgid "Length of time between cache cleanups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:398
-+msgid "Require TLS for ID lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:399
-+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:400
-+msgid "Base DN for user lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:401
-+msgid "Scope of user lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:402
-+msgid "Filter for user lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:403
-+msgid "Objectclass for users"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:404
-+msgid "Username attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:405
-+msgid "UID attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:406
-+msgid "Primary GID attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:407
-+msgid "GECOS attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:408
-+msgid "Home directory attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:409
-+msgid "Shell attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:410
-+msgid "UUID attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:411
-+#: src/config/SSSDConfig/sssdoptions.py:449
-+msgid "objectSID attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:412
-+msgid "Active Directory primary group attribute for ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:413
-+msgid "User principal attribute (for Kerberos)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:414
-+msgid "Full Name"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:415
-+msgid "memberOf attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:416
-+msgid "Modification time attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:417
-+msgid "shadowLastChange attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:418
-+msgid "shadowMin attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:419
-+msgid "shadowMax attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:420
-+msgid "shadowWarning attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:421
-+msgid "shadowInactive attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:422
-+msgid "shadowExpire attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:423
-+msgid "shadowFlag attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:424
-+msgid "Attribute listing authorized PAM services"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:425
-+msgid "Attribute listing authorized server hosts"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:426
-+msgid "Attribute listing authorized server rhosts"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:427
-+msgid "krbLastPwdChange attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:428
-+msgid "krbPasswordExpiration attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:429
-+msgid "Attribute indicating that server side password policies are active"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:430
-+msgid "accountExpires attribute of AD"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:431
-+msgid "userAccountControl attribute of AD"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:432
-+msgid "nsAccountLock attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:433
-+msgid "loginDisabled attribute of NDS"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:434
-+msgid "loginExpirationTime attribute of NDS"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:435
-+msgid "loginAllowedTimeMap attribute of NDS"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:436
-+msgid "SSH public key attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:437
-+msgid "attribute listing allowed authentication types for a user"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:438
-+msgid "attribute containing the X509 certificate of the user"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:439
-+msgid "attribute containing the email address of the user"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:440
-+msgid "A list of extra attributes to download along with the user entry"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:442
-+msgid "Base DN for group lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:443
-+msgid "Objectclass for groups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:444
-+msgid "Group name"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:445
-+msgid "Group password"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:446
-+msgid "GID attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:447
-+msgid "Group member attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:448
-+msgid "Group UUID attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:450
-+msgid "Modification time attribute for groups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:451
-+msgid "Type of the group and other flags"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:452
-+msgid "The LDAP group external member attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:453
-+msgid "Maximum nesting level SSSD will follow"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:454
-+msgid "Filter for group lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:455
-+msgid "Scope of group lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:457
-+msgid "Base DN for netgroup lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:458
-+msgid "Objectclass for netgroups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:459
-+msgid "Netgroup name"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:460
-+msgid "Netgroups members attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:461
-+msgid "Netgroup triple attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:462
-+msgid "Modification time attribute for netgroups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:464
-+msgid "Base DN for service lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:465
-+msgid "Objectclass for services"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:466
-+msgid "Service name attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:467
-+msgid "Service port attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:468
-+msgid "Service protocol attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:470
-+msgid "Lower bound for ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:471
-+msgid "Upper bound for ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:472
-+msgid "Number of IDs for each slice when ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:473
-+msgid "Use autorid-compatible algorithm for ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:474
-+msgid "Name of the default domain for ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:475
-+msgid "SID of the default domain for ID-mapping"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:476
-+msgid "Number of secondary slices"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:478
-+msgid "Whether to use Token-Groups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:479
-+msgid "Set lower boundary for allowed IDs from the LDAP server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:480
-+msgid "Set upper boundary for allowed IDs from the LDAP server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:481
-+msgid "DN for ppolicy queries"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:482
-+msgid "How many maximum entries to fetch during a wildcard request"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:485
-+msgid "Policy to evaluate the password expiration"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:489
-+msgid "Which attributes shall be used to evaluate if an account is expired"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:490
-+msgid "Which rules should be used to evaluate access control"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:493
-+msgid "URI of an LDAP server where password changes are allowed"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:494
-+msgid "URI of a backup LDAP server where password changes are allowed"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:495
-+msgid "DNS service name for LDAP password change server"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:496
-+msgid ""
-+"Whether to update the ldap_user_shadow_last_change attribute after a "
-+"password change"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:500
-+msgid "Base DN for sudo rules lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:501
-+msgid "Automatic full refresh period"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:502
-+msgid "Automatic smart refresh period"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:503
-+msgid "Whether to filter rules by hostname, IP addresses and network"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:504
-+msgid ""
-+"Hostnames and/or fully qualified domain names of this machine to filter sudo "
-+"rules"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:505
-+msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:506
-+msgid "Whether to include rules that contains netgroup in host attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:507
-+msgid ""
-+"Whether to include rules that contains regular expression in host attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:508
-+msgid "Object class for sudo rules"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:509
-+msgid "Name of attribute that is used as object class for sudo rules"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:510
-+msgid "Sudo rule name"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:511
-+msgid "Sudo rule command attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:512
-+msgid "Sudo rule host attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:513
-+msgid "Sudo rule user attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:514
-+msgid "Sudo rule option attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:515
-+msgid "Sudo rule runas attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:516
-+msgid "Sudo rule runasuser attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:517
-+msgid "Sudo rule runasgroup attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:518
-+msgid "Sudo rule notbefore attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:519
-+msgid "Sudo rule notafter attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:520
-+msgid "Sudo rule order attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:523
-+msgid "Object class for automounter maps"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:524
-+msgid "Automounter map name attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:525
-+msgid "Object class for automounter map entries"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:526
-+msgid "Automounter map entry key attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:527
-+msgid "Automounter map entry value attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:528
-+msgid "Base DN for automounter map lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:529
-+msgid "The name of the automount master map in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:532
-+msgid "Base DN for IP hosts lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:533
-+msgid "Object class for IP hosts"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:534
-+msgid "IP host name attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:535
-+msgid "IP host number (address) attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:536
-+msgid "IP host entryUSN attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:537
-+msgid "Base DN for IP networks lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:538
-+msgid "Object class for IP networks"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:539
-+msgid "IP network name attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:540
-+msgid "IP network number (address) attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:541
-+msgid "IP network entryUSN attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:544
-+msgid "Comma separated list of allowed users"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:545
-+msgid "Comma separated list of prohibited users"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:546
-+msgid ""
-+"Comma separated list of groups that are allowed to log in. This applies only "
-+"to groups within this SSSD domain. Local groups are not evaluated."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:548
-+msgid ""
-+"Comma separated list of groups that are explicitly denied access. This "
-+"applies only to groups within this SSSD domain. Local groups are not "
-+"evaluated."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:552
-+msgid "Base for home directories"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:553
-+msgid "Indicate if a home directory should be created for new users."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:554
-+msgid "Indicate if a home directory should be removed for deleted users."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:555
-+msgid "Specify the default permissions on a newly created home directory."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:556
-+msgid "The skeleton directory."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:557
-+msgid "The mail spool directory."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:558
-+msgid "The command that is run after a user is removed."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:561
-+msgid "The number of preforked proxy children."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:564
-+msgid "The name of the NSS library to use"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:565
-+msgid "The name of the NSS library to use for hosts and networks lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:566
-+msgid "Whether to look up canonical group name from cache if possible"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:569
-+msgid "PAM stack to use"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:572
-+msgid "Path of passwd file sources."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:573
-+msgid "Path of group file sources."
-+msgstr ""
-+
- #: src/monitor/monitor.c:2371
- msgid "Become a daemon (default)"
- msgstr ""
-@@ -29,7 +1824,8 @@ msgstr ""
- msgid "Disable netlink interface"
- msgstr ""
-
--#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
-+#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
-+#: src/tools/sssctl/sssctl_logs.c:310
- msgid "Specify a non-default config file"
- msgstr ""
-
-@@ -145,88 +1941,88 @@ msgstr ""
- msgid "Permission denied. "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
--#: src/sss_client/pam_sss.c:790
-+#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
-+#: src/sss_client/pam_sss.c:792
- msgid "Server message: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:297
-+#: src/sss_client/pam_sss.c:299
- msgid "Passwords do not match"
- msgstr ""
-
--#: src/sss_client/pam_sss.c:485
-+#: src/sss_client/pam_sss.c:487
- msgid "Password reset by root is not supported."
- msgstr ""
-
--#: src/sss_client/pam_sss.c:526
-+#: src/sss_client/pam_sss.c:528
- msgid "Authenticated with cached credentials"
- msgstr ""
-
--#: src/sss_client/pam_sss.c:527
-+#: src/sss_client/pam_sss.c:529
- msgid ", your cached password will expire at: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:557
-+#: src/sss_client/pam_sss.c:559
- #, c-format
- msgid "Your password has expired. You have %1$d grace login(s) remaining."
- msgstr ""
-
--#: src/sss_client/pam_sss.c:603
-+#: src/sss_client/pam_sss.c:605
- #, c-format
- msgid "Your password will expire in %1$d %2$s."
- msgstr ""
-
--#: src/sss_client/pam_sss.c:652
-+#: src/sss_client/pam_sss.c:654
- msgid "Authentication is denied until: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:673
-+#: src/sss_client/pam_sss.c:675
- msgid "System is offline, password change not possible"
- msgstr ""
-
--#: src/sss_client/pam_sss.c:688
-+#: src/sss_client/pam_sss.c:690
- msgid ""
- "After changing the OTP password, you need to log out and back in order to "
- "acquire a ticket"
- msgstr ""
-
--#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
-+#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
- msgid "Password change failed. "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2008
-+#: src/sss_client/pam_sss.c:2015
- msgid "New Password: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2009
-+#: src/sss_client/pam_sss.c:2016
- msgid "Reenter new Password: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
-+#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
- msgid "First Factor: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
-+#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
- msgid "Second Factor (optional): "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
-+#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
- msgid "Second Factor: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2190
-+#: src/sss_client/pam_sss.c:2200
- msgid "Password: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
-+#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
- msgid "First Factor (Current Password): "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2349
-+#: src/sss_client/pam_sss.c:2359
- msgid "Current Password: "
- msgstr ""
-
--#: src/sss_client/pam_sss.c:2704
-+#: src/sss_client/pam_sss.c:2714
- msgid "Password expired. Change your password now."
- msgstr ""
-
-@@ -901,51 +2697,51 @@ msgstr ""
- msgid "Search by group ID"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:70
-+#: src/tools/sssctl/sssctl_config.c:112
- #, c-format
- msgid "Failed to open %s\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:75
-+#: src/tools/sssctl/sssctl_config.c:117
- #, c-format
- msgid "File %1$s does not exist.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:79
-+#: src/tools/sssctl/sssctl_config.c:121
- msgid ""
- "File ownership and permissions check failed. Expected root:root and 0600.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:85
-+#: src/tools/sssctl/sssctl_config.c:127
- #, c-format
- msgid "Failed to load configuration from %s.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:91
-+#: src/tools/sssctl/sssctl_config.c:133
- msgid "Error while reading configuration directory.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:99
-+#: src/tools/sssctl/sssctl_config.c:141
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:111
-+#: src/tools/sssctl/sssctl_config.c:153
- msgid "Failed to run validators"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:115
-+#: src/tools/sssctl/sssctl_config.c:157
- #, c-format
- msgid "Issues identified by validators: %zu\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:126
-+#: src/tools/sssctl/sssctl_config.c:168
- #, c-format
- msgid "Messages generated during configuration merging: %zu\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:137
-+#: src/tools/sssctl/sssctl_config.c:179
- #, c-format
- msgid "Used configuration snippet files: %zu\n"
- msgstr ""
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index 44579e70f..892f81453 100644
---- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -4,41 +4,1845 @@
- #
- # Translators:
- # Christopher Meng <cickumqt@gmail.com>, 2012
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
- msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2020-05-19 12:05+0200\n"
--"PO-Revision-Date: 2014-12-14 11:50+0000\n"
-+"POT-Creation-Date: 2020-06-17 22:51+0200\n"
-+"MIME-Version: 1.0\n"
-+"Content-Type: text/plain; charset=UTF-8\n"
-+"Content-Transfer-Encoding: 8bit\n"
-+"PO-Revision-Date: 2020-06-18 09:05+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
- "language/zh_CN/)\n"
- "Language: zh_CN\n"
--"MIME-Version: 1.0\n"
--"Content-Type: text/plain; charset=UTF-8\n"
--"Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=1; plural=0;\n"
- "X-Generator: Zanata 4.6.2\n"
-
-+#: src/config/SSSDConfig/sssdoptions.py:20
-+#: src/config/SSSDConfig/sssdoptions.py:21
-+msgid "Set the verbosity of the debug logging"
-+msgstr "设定调试日志记录等级"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:22
-+msgid "Include timestamps in debug logs"
-+msgstr "在调试日志中包含时间戳"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:23
-+msgid "Include microseconds in timestamps in debug logs"
-+msgstr "在调试日志中的时间戳中包含微秒"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:24
-+msgid "Write debug messages to logfiles"
-+msgstr "写入调试信息到日志文件"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:25
-+msgid "Watchdog timeout before restarting service"
-+msgstr "重新启动服务前 Watchdog 超时"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:26
-+msgid "Command to start service"
-+msgstr "启动服务命令"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:27
-+msgid "Number of times to attempt connection to Data Providers"
-+msgstr "试图连接到 Data Providers 的次数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:28
-+msgid "The number of file descriptors that may be opened by this responder"
-+msgstr "可能会被该响应者打开的文件描述符的数量"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:29
-+msgid "Idle time before automatic disconnection of a client"
-+msgstr "客户端自动断开连接之前的空闲时间"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:30
-+msgid "Idle time before automatic shutdown of the responder"
-+msgstr "自动关闭响应者之前的空闲时间"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:31
-+msgid "Always query all the caches before querying the Data Providers"
-+msgstr "在查询 Data Providers 之前,始终查询所有缓存"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:32
-+msgid ""
-+"When SSSD switches to offline mode the amount of time before it tries to go "
-+"back online will increase based upon the time spent disconnected. This value "
-+"is in seconds and calculated by the following: offline_timeout + "
-+"random_offset."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:38
-+msgid ""
-+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
-+"version 2."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:39
-+msgid "SSSD Services to start"
-+msgstr "SSSD 服务启动"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:40
-+msgid "SSSD Domains to start"
-+msgstr "SSSD 域启动"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:41
-+msgid "Timeout for messages sent over the SBUS"
-+msgstr "通过 SBUS 发送的消息超时"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:42
-+msgid "Regex to parse username and domain"
-+msgstr "正则表达式解析用户名和域"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:43
-+msgid "Printf-compatible format for displaying fully-qualified names"
-+msgstr "兼容 Printf 的格式用于显示完全限定名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:44
-+msgid ""
-+"Directory on the filesystem where SSSD should store Kerberos replay cache "
-+"files."
-+msgstr "SSSD 应该在其中存储 Kerberos 重放缓存文件的文件系统上的目录。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:45
-+msgid "Domain to add to names without a domain component."
-+msgstr "要添加到名称中的域,没有域组件。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:46
-+msgid "The user to drop privileges to"
-+msgstr "放弃特权的用户"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:47
-+msgid "Tune certificate verification"
-+msgstr "调整证书验证"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:48
-+msgid "All spaces in group or user names will be replaced with this character"
-+msgstr "组或用户名中的所有空格都将替换为该字符"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:49
-+msgid "Tune sssd to honor or ignore netlink state changes"
-+msgstr "调整 sssd 来接受或忽略 netlink 状态更改"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:50
-+msgid "Enable or disable the implicit files domain"
-+msgstr "启用或禁用隐式文件域"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:51
-+msgid "A specific order of the domains to be looked up"
-+msgstr "要查询的域的特定顺序"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:52
-+msgid ""
-+"Controls if SSSD should monitor the state of resolv.conf to identify when it "
-+"needs to update its internal DNS resolver."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:54
-+msgid ""
-+"SSSD monitors the state of resolv.conf to identify when it needs to update "
-+"its internal DNS resolver. By default, we will attempt to use inotify for "
-+"this, and will fall back to polling resolv.conf every five seconds if "
-+"inotify cannot be used."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:59
-+msgid "Enumeration cache timeout length (seconds)"
-+msgstr "枚举缓存超时时间(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:60
-+msgid "Entry cache background update timeout length (seconds)"
-+msgstr "条目缓存后台更新超时时间(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:61
-+#: src/config/SSSDConfig/sssdoptions.py:112
-+msgid "Negative cache timeout length (seconds)"
-+msgstr "负缓存超时时间(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:62
-+msgid "Files negative cache timeout length (seconds)"
-+msgstr "文件负缓存超时时间(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:63
-+msgid "Users that SSSD should explicitly ignore"
-+msgstr "SSSD 应该明确忽略的用户"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:64
-+msgid "Groups that SSSD should explicitly ignore"
-+msgstr "SSSD 应该明确忽略的组"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:65
-+msgid "Should filtered users appear in groups"
-+msgstr "出现在组中的应将过滤的用户"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:66
-+msgid "The value of the password field the NSS provider should return"
-+msgstr "NSS 提供程序应返回的密码字段的值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:67
-+msgid "Override homedir value from the identity provider with this value"
-+msgstr "使用此值覆盖来自身份提供者的 homedir 值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:68
-+msgid ""
-+"Substitute empty homedir value from the identity provider with this value"
-+msgstr "使用此值替换来自身份提供者的空的 homedir 值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:69
-+msgid "Override shell value from the identity provider with this value"
-+msgstr "使用此值覆盖来自身份提供者的 shell 值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:70
-+msgid "The list of shells users are allowed to log in with"
-+msgstr "允许进行登陆的 shell 用户列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:71
-+msgid ""
-+"The list of shells that will be vetoed, and replaced with the fallback shell"
-+msgstr "将被否决并替换为后备 shell 的 shell 列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:72
-+msgid ""
-+"If a shell stored in central directory is allowed but not available, use "
-+"this fallback"
-+msgstr "如果允许使用存储在中央目录中的 shell 但并不存在,使用这个后备"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:73
-+msgid "Shell to use if the provider does not list one"
-+msgstr "如果提供程序未列出,则使用这个 shell"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:74
-+msgid "How long will be in-memory cache records valid"
-+msgstr "内存缓存记录有效期的长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:75
-+msgid ""
-+"The value of this option will be used in the expansion of the "
-+"override_homedir option if the template contains the format string %H."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:77
-+msgid ""
-+"Specifies time in seconds for which the list of subdomains will be "
-+"considered valid."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:79
-+msgid ""
-+"The entry cache can be set to automatically update entries in the background "
-+"if they are requested beyond a percentage of the entry_cache_timeout value "
-+"for the domain."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:84
-+msgid "How long to allow cached logins between online logins (days)"
-+msgstr "在线登录间隔多长时间内允许使用缓存的登录(以天为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:85
-+msgid "How many failed logins attempts are allowed when offline"
-+msgstr "离线时允许多少次失败的登录尝试"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:87
-+msgid ""
-+"How long (minutes) to deny login after offline_failed_login_attempts has "
-+"been reached"
-+msgstr "当达到 offline_failed_login_attempts 之后多长时间要拒绝登录(以分钟为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:88
-+msgid "What kind of messages are displayed to the user during authentication"
-+msgstr "在身份验证期间向用户显示什么信息"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:89
-+msgid "Filter PAM responses sent to the pam_sss"
-+msgstr "过滤发送到 pam_sss 的 PAM 响应"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:90
-+msgid "How many seconds to keep identity information cached for PAM requests"
-+msgstr "为 PAM 请求保留多长时间的身份信息缓存(以秒为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:91
-+msgid "How many days before password expiration a warning should be displayed"
-+msgstr "在密码过期前几天应显示警告信息"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:92
-+msgid "List of trusted uids or user's name"
-+msgstr "受信任的 uid 或用户名列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:93
-+msgid "List of domains accessible even for untrusted users."
-+msgstr "即使不受信任的用户也可以访问的域列表。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:94
-+msgid "Message printed when user account is expired."
-+msgstr "当用户帐户过期时显示的消息。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:95
-+msgid "Message printed when user account is locked."
-+msgstr "当用户帐户被锁住时显示的消息。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:96
-+msgid "Allow certificate based/Smartcard authentication."
-+msgstr "允许基于证书/智能卡的身份验证。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:97
-+msgid "Path to certificate database with PKCS#11 modules."
-+msgstr "带有 PKCS#11 模块的证书数据库的路径。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:98
-+msgid "How many seconds will pam_sss wait for p11_child to finish"
-+msgstr "pam_sss 等待 p11_child 完成的时间(以秒为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:99
-+msgid "Which PAM services are permitted to contact application domains"
-+msgstr "允许哪些 PAM 服务联系应用程序域"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:100
-+msgid "Allowed services for using smartcards"
-+msgstr "允许服务使用智能卡"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:101
-+msgid "Additional timeout to wait for a card if requested"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:102
-+msgid ""
-+"PKCS#11 URI to restrict the selection of devices for Smartcard "
-+"authentication"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:103
-+msgid "When shall the PAM responder force an initgroups request"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:106
-+msgid "Whether to evaluate the time-based attributes in sudo rules"
-+msgstr "是否在 sudo 规则中评估基于时间的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:107
-+msgid "If true, SSSD will switch back to lower-wins ordering logic"
-+msgstr "如果为 true,SSSD 将切换回 lower-wins ordering 逻辑"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:108
-+msgid ""
-+"Maximum number of rules that can be refreshed at once. If this is exceeded, "
-+"full refresh is performed."
-+msgstr "一次可以刷新的最大规则数。如果超出此范围,则执行完全刷新。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:115
-+msgid "Whether to hash host names and addresses in the known_hosts file"
-+msgstr "在 known_hosts 文件中是否对主机名和地址进行哈希处理"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:116
-+msgid ""
-+"How many seconds to keep a host in the known_hosts file after its host keys "
-+"were requested"
-+msgstr "当请求了它的主机密钥后,将主机保留在 known_hosts 文件中的时间(以秒为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:118
-+msgid "Path to storage of trusted CA certificates"
-+msgstr "到可信 CA 证书存储的路径"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:119
-+msgid "Allow to generate ssh-keys from certificates"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:120
-+msgid ""
-+"Use the following matching rules to filter the certificates for ssh-key "
-+"generation"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:124
-+msgid "List of UIDs or user names allowed to access the PAC responder"
-+msgstr "允许访问 PAC 响应者的 UID 或用户名列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:125
-+msgid "How long the PAC data is considered valid"
-+msgstr "PAC 数据被视为有效的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:128
-+msgid "List of user attributes the InfoPipe is allowed to publish"
-+msgstr "允许 InfoPipe 发布的用户属性列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:131
-+msgid "The provider where the secrets will be stored in"
-+msgstr "存储 secret 的提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:132
-+msgid "The maximum allowed number of nested containers"
-+msgstr "允许嵌套的最大容器数量"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:133
-+msgid "The maximum number of secrets that can be stored"
-+msgstr "可以存储的最大 secret 数量"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:134
-+msgid "The maximum number of secrets that can be stored per UID"
-+msgstr "每个 UID 可以存储的最大 secret 数量"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:135
-+msgid "The maximum payload size of a secret in kilobytes"
-+msgstr "一个 secret 的最大有效负载的大小(以千字节为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:137
-+msgid "The URL Custodia server is listening on"
-+msgstr "正在侦听的 URL Custodia 服务器"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:138
-+msgid "The method to use when authenticating to a Custodia server"
-+msgstr "当向 Custodia 服务器进行身份验证时使用的方法"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:139
-+msgid ""
-+"The name of the headers that will be added into a HTTP request with the "
-+"value defined in auth_header_value"
-+msgstr "将使用 auth_header_value 中定义的值添加到 HTTP 请求中的标头名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:141
-+msgid "The value sssd-secrets would use for auth_header_name"
-+msgstr "用于 auth_header_name 的 sssd-secrets 值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:142
-+msgid ""
-+"The list of the headers to forward to the Custodia server together with the "
-+"request"
-+msgstr "与请求一起转发到 Custodia 服务器的标头列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:143
-+msgid ""
-+"The username to use when authenticating to a Custodia server using "
-+"basic_auth"
-+msgstr "当向使用 basic_auth 的 Custodia 服务器进行身份验证时使用的用户名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:144
-+msgid ""
-+"The password to use when authenticating to a Custodia server using "
-+"basic_auth"
-+msgstr "当向使用 basic_auth 的 Custodia 服务器进行身份验证时使用的密码"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:145
-+msgid ""
-+"If true peer's certificate is verified if proxy_url uses https protocol"
-+msgstr "如果 proxy_url 使用 https 协议,是否验证真实的对等方的证书"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:146
-+msgid ""
-+"If false peer's certificate may contain different hostname than proxy_url "
-+"when https protocol is used"
-+msgstr "使用 https 协议时,错误的对等方证书的主机名可能与 proxy_url 不同"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:148
-+msgid "Path to directory where certificate authority certificates are stored"
-+msgstr "证书颁发机构证书存储目录的路径"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:149
-+msgid "Path to file containing server's CA certificate"
-+msgstr "包含服务器 CA 证书的文件的路径"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:150
-+msgid "Path to file containing client's certificate"
-+msgstr "包含客户端证书的文件的路径"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:151
-+msgid "Path to file containing client's private key"
-+msgstr "包含客户端私钥的文件的路径"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:154
-+msgid ""
-+"One of the following strings specifying the scope of session recording: none "
-+"- No users are recorded. some - Users/groups specified by users and groups "
-+"options are recorded. all - All users are recorded."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:157
-+msgid ""
-+"A comma-separated list of users which should have session recording enabled. "
-+"Matches user names as returned by NSS. I.e. after the possible space "
-+"replacement, case changes, etc."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:159
-+msgid ""
-+"A comma-separated list of groups, members of which should have session "
-+"recording enabled. Matches group names as returned by NSS. I.e. after the "
-+"possible space replacement, case changes, etc."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:164
-+msgid "Identity provider"
-+msgstr "身份提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:165
-+msgid "Authentication provider"
-+msgstr "身份验证提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:166
-+msgid "Access control provider"
-+msgstr "访问控制提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:167
-+msgid "Password change provider"
-+msgstr "密码改变提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:168
-+msgid "SUDO provider"
-+msgstr "SUDO 提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:169
-+msgid "Autofs provider"
-+msgstr "Autofs 提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:170
-+msgid "Host identity provider"
-+msgstr "主机身份提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:171
-+msgid "SELinux provider"
-+msgstr "SELinux 提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:172
-+msgid "Session management provider"
-+msgstr "会话管理提供者"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:173
-+msgid "Resolver provider"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:176
-+msgid "Whether the domain is usable by the OS or by applications"
-+msgstr "域是否可以被 OS 或应用程序使用"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:177
-+msgid "Minimum user ID"
-+msgstr "最小用户 ID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:178
-+msgid "Maximum user ID"
-+msgstr "最大用户 ID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:179
-+msgid "Enable enumerating all users/groups"
-+msgstr "启用枚举所有用户/组"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:180
-+msgid "Cache credentials for offline login"
-+msgstr "为脱机登录缓存凭据"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:181
-+msgid "Display users/groups in fully-qualified form"
-+msgstr "以完全限定的形式显示用户/组"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:182
-+msgid "Don't include group members in group lookups"
-+msgstr "在组查询中不包括的组成员"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:183
-+#: src/config/SSSDConfig/sssdoptions.py:193
-+#: src/config/SSSDConfig/sssdoptions.py:194
-+#: src/config/SSSDConfig/sssdoptions.py:195
-+#: src/config/SSSDConfig/sssdoptions.py:196
-+#: src/config/SSSDConfig/sssdoptions.py:197
-+#: src/config/SSSDConfig/sssdoptions.py:198
-+#: src/config/SSSDConfig/sssdoptions.py:199
-+msgid "Entry cache timeout length (seconds)"
-+msgstr "输入缓存超时时间(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:184
-+msgid ""
-+"Restrict or prefer a specific address family when performing DNS lookups"
-+msgstr "执行 DNS 查找时限制或首选使用特定的地址系列"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:185
-+msgid "How long to keep cached entries after last successful login (days)"
-+msgstr "上次成功登录后保留缓存条目的时间(天)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:186
-+msgid ""
-+"How long should SSSD talk to single DNS server before trying next server "
-+"(miliseconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:188
-+msgid "How long should keep trying to resolve single DNS query (seconds)"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:189
-+msgid "How long to wait for replies from DNS when resolving servers (seconds)"
-+msgstr "解析服务器时等待 DNS 回复的时间(秒)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:190
-+msgid "The domain part of service discovery DNS query"
-+msgstr "服务发现 DNS 查询的域部分"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:191
-+msgid "Override GID value from the identity provider with this value"
-+msgstr "使用此值覆盖来自身份提供者的 GID 值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:192
-+msgid "Treat usernames as case sensitive"
-+msgstr "用户名区分大小写"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:200
-+msgid "How often should expired entries be refreshed in background"
-+msgstr "过期条目应在后台刷新的频率"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:201
-+msgid "Whether to automatically update the client's DNS entry"
-+msgstr "是否自动更新客户端的 DNS 条目"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:202
-+#: src/config/SSSDConfig/sssdoptions.py:232
-+msgid "The TTL to apply to the client's DNS entry after updating it"
-+msgstr "更新后应用于客户端 DNS 条目的TTL"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:203
-+#: src/config/SSSDConfig/sssdoptions.py:233
-+msgid "The interface whose IP should be used for dynamic DNS updates"
-+msgstr "应该用于动态 DNS 更新的接口的 IP 地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:204
-+msgid "How often to periodically update the client's DNS entry"
-+msgstr "定期更新客户端的 DNS 条目的频率"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:205
-+msgid "Whether the provider should explicitly update the PTR record as well"
-+msgstr "提供者是否应该明确更新 PTR 记录"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:206
-+msgid "Whether the nsupdate utility should default to using TCP"
-+msgstr "nsupdate 实用程序是否应默认使用 TCP"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:207
-+msgid "What kind of authentication should be used to perform the DNS update"
-+msgstr "在执行 DNS 更新时应该使用哪种身份验证"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:208
-+msgid "Override the DNS server used to perform the DNS update"
-+msgstr "覆盖用于执行 DNS 更新的 DNS 服务器"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:209
-+msgid "Control enumeration of trusted domains"
-+msgstr "信任域的控制枚举"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:210
-+msgid "How often should subdomains list be refreshed"
-+msgstr "子域列表应该多久刷新一次"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:211
-+msgid "List of options that should be inherited into a subdomain"
-+msgstr "应该被继承到子域中的选项列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:212
-+msgid "Default subdomain homedir value"
-+msgstr "默认子域 homedir 值"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:213
-+msgid "How long can cached credentials be used for cached authentication"
-+msgstr "可以使用缓存凭证用于缓存身份验证的时间"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:214
-+msgid "Whether to automatically create private groups for users"
-+msgstr "是否自动为用户创建私人组"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:215
-+msgid "Display a warning N days before the password expires."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:216
-+msgid ""
-+"Various tags stored by the realmd configuration service for this domain."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:217
-+msgid ""
-+"The provider which should handle fetching of subdomains. This value should "
-+"be always the same as id_provider."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:219
-+msgid ""
-+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
-+"the host key for."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:221
-+msgid ""
-+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
-+"this value determines the minimal length the first authentication factor "
-+"(long term password) must have to be saved as SHA512 hash into the cache."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:227
-+msgid "IPA domain"
-+msgstr "IPA 域"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:228
-+msgid "IPA server address"
-+msgstr "IPA 服务器地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:229
-+msgid "Address of backup IPA server"
-+msgstr "IPA 备份服务器地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:230
-+msgid "IPA client hostname"
-+msgstr "IPA 客户端主机名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:231
-+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
-+msgstr "是否在 FreeIPA 中自动更新客户端的 DNS 条目"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:234
-+msgid "Search base for HBAC related objects"
-+msgstr "HBAC 相关对象的搜索基础"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:235
-+msgid ""
-+"The amount of time between lookups of the HBAC rules against the IPA server"
-+msgstr "针对 IPA 服务器查找 HBAC 规则之间的时间间隔"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:236
-+msgid ""
-+"The amount of time in seconds between lookups of the SELinux maps against "
-+"the IPA server"
-+msgstr "针对 IPA 服务器查找 SELinux 映射之间的时间间隔"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:238
-+msgid "If set to false, host argument given by PAM will be ignored"
-+msgstr "如果设置为 false,PAM 提供的主机参数将被忽略"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:239
-+msgid "The automounter location this IPA client is using"
-+msgstr "此 IPA 客户端使用的自动挂载器的位置"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:240
-+msgid "Search base for object containing info about IPA domain"
-+msgstr "搜索包含有关 IPA 域信息的对象的搜索基础"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:241
-+msgid "Search base for objects containing info about ID ranges"
-+msgstr "搜索包含有关 ID 范围信息的对象的搜索基础"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:242
-+#: src/config/SSSDConfig/sssdoptions.py:296
-+msgid "Enable DNS sites - location based service discovery"
-+msgstr "启用 DNS 站点 - 基于位置的服务发现"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:243
-+msgid "Search base for view containers"
-+msgstr "查看容器的搜索基础"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:244
-+msgid "Objectclass for view containers"
-+msgstr "查看容器的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:245
-+msgid "Attribute with the name of the view"
-+msgstr "具有视图名称的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:246
-+msgid "Objectclass for override objects"
-+msgstr "覆盖对象的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:247
-+msgid "Attribute with the reference to the original object"
-+msgstr "带有到原始对象参考的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:248
-+msgid "Objectclass for user override objects"
-+msgstr "用户覆盖对象的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:249
-+msgid "Objectclass for group override objects"
-+msgstr "组覆盖对象的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:250
-+msgid "Search base for Desktop Profile related objects"
-+msgstr "Desktop Profile 相关对象的搜索基础"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:251
-+msgid ""
-+"The amount of time in seconds between lookups of the Desktop Profile rules "
-+"against the IPA server"
-+msgstr "针对 IPA 服务器查找 Desktop Profile 规则之间的时间间隔"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:253
-+msgid ""
-+"The amount of time in minutes between lookups of Desktop Profiles rules "
-+"against the IPA server when the last request did not find any rule"
-+msgstr "当最后一个请求未找到任何规则时,针对 IPA 服务器的Desktop Profiles 规则查找之间的时间间隔(以分钟为单位)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:256
-+msgid "The LDAP attribute that contains FQDN of the host."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:257
-+#: src/config/SSSDConfig/sssdoptions.py:280
-+msgid "The object class of a host entry in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:258
-+msgid "Use the given string as search base for host objects."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:259
-+msgid "The LDAP attribute that contains the host's SSH public keys."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:260
-+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:261
-+msgid "The LDAP attribute that contains the names of the netgroup's members."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:262
-+msgid ""
-+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
-+"members of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:264
-+msgid ""
-+"The LDAP attribute that lists hosts and host groups that are direct members "
-+"of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:266
-+msgid "The LDAP attribute that lists netgroup's memberships."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:267
-+msgid ""
-+"The LDAP attribute that lists system users and groups that are direct "
-+"members of the netgroup."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:269
-+msgid "The LDAP attribute that corresponds to the netgroup name."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:270
-+msgid "The object class of a netgroup entry in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:271
-+msgid ""
-+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:272
-+msgid ""
-+"The LDAP attribute that contains whether or not is user map enabled for "
-+"usage."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:274
-+msgid "The LDAP attribute that contains host category such as 'all'."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:275
-+msgid ""
-+"The LDAP attribute that contains all hosts / hostgroups this rule match "
-+"against."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:277
-+msgid ""
-+"The LDAP attribute that contains all users / groups this rule match against."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:279
-+msgid "The LDAP attribute that contains the name of SELinux usermap."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:281
-+msgid ""
-+"The LDAP attribute that contains DN of HBAC rule which can be used for "
-+"matching instead of memberUser and memberHost."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:283
-+msgid "The LDAP attribute that contains SELinux user string itself."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:284
-+msgid "The LDAP attribute that contains user category such as 'all'."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:285
-+msgid "The LDAP attribute that contains unique ID of the user map."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:286
-+msgid ""
-+"The option denotes that the SSSD is running on IPA server and should perform "
-+"lookups of users and groups from trusted domains differently."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:288
-+msgid "Use the given string as search base for trusted domains."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:291
-+msgid "Active Directory domain"
-+msgstr "活动目录域"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:292
-+msgid "Enabled Active Directory domains"
-+msgstr "启用活动目录域"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:293
-+msgid "Active Directory server address"
-+msgstr "没动目录服务器地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:294
-+msgid "Active Directory backup server address"
-+msgstr "没动目录备份服务器地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:295
-+msgid "Active Directory client hostname"
-+msgstr "活动目录客户端主机名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:297
-+#: src/config/SSSDConfig/sssdoptions.py:488
-+msgid "LDAP filter to determine access privileges"
-+msgstr "用于决定访问权限 的 LDAP 过滤器"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:298
-+msgid "Whether to use the Global Catalog for lookups"
-+msgstr "是否使用 Global Catalog 进行查找"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:299
-+msgid "Operation mode for GPO-based access control"
-+msgstr "基于 GPO 的访问控制的操作模式"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:300
-+msgid ""
-+"The amount of time between lookups of the GPO policy files against the AD "
-+"server"
-+msgstr "针对 IPA 服务器查找 GPO 策略文件之间的时间间隔"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:301
-+msgid ""
-+"PAM service names that map to the GPO (Deny)InteractiveLogonRight policy "
-+"settings"
-+msgstr "映射到 GPO (Deny)InteractiveLogonRight 策略设置的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:303
-+msgid ""
-+"PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight "
-+"policy settings"
-+msgstr "映射到 GPO (Deny)RemoteInteractiveLogonRight 策略设置的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:305
-+msgid ""
-+"PAM service names that map to the GPO (Deny)NetworkLogonRight policy "
-+"settings"
-+msgstr "映射到 GPO (Deny)NetworkLogonRight 策略设置的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:306
-+msgid ""
-+"PAM service names that map to the GPO (Deny)BatchLogonRight policy settings"
-+msgstr "映射到 GPO (Deny)BatchLogonRight 策略设置的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:307
-+msgid ""
-+"PAM service names that map to the GPO (Deny)ServiceLogonRight policy "
-+"settings"
-+msgstr "映射到 GPO (Deny)ServiceLogonRight 策略设置的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:308
-+msgid "PAM service names for which GPO-based access is always granted"
-+msgstr "基于 GPO 的访问始终会被授予的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:309
-+msgid "PAM service names for which GPO-based access is always denied"
-+msgstr "基于 GPO 的访问始终会被拒绝的 PAM 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:310
-+msgid ""
-+"Default logon right (or permit/deny) to use for unmapped PAM service names"
-+msgstr "用于未映射的 PAM 服务名称的默认登录权(或允许/拒绝)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:311
-+msgid "a particular site to be used by the client"
-+msgstr "客户要使用的特定站点"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:312
-+msgid ""
-+"Maximum age in days before the machine account password should be renewed"
-+msgstr "机器帐户密码需要续订的最长期限(天)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:314
-+msgid "Option for tuning the machine account renewal task"
-+msgstr "用于调整机器帐户续订任务的选项"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:315
-+msgid "Whether to update the machine account password in the Samba database"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:317
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr "将 LDAPS 端口用于 LDAP 和 Global Catalog 请求"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:320
-+#: src/config/SSSDConfig/sssdoptions.py:321
-+msgid "Kerberos server address"
-+msgstr "Kerberos 服务器地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:322
-+msgid "Kerberos backup server address"
-+msgstr "Kerberos 备份服务器地址"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:323
-+msgid "Kerberos realm"
-+msgstr "Kerberos realm"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:324
-+msgid "Authentication timeout"
-+msgstr "验证超时"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:325
-+msgid "Whether to create kdcinfo files"
-+msgstr "是否创建 kdcinfo 文件"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:326
-+msgid "Where to drop krb5 config snippets"
-+msgstr "在哪里放置 krb5 配置片段"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:329
-+msgid "Directory to store credential caches"
-+msgstr "存储凭证缓存的目录"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:330
-+msgid "Location of the user's credential cache"
-+msgstr "用户凭证缓存的位置"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:331
-+msgid "Location of the keytab to validate credentials"
-+msgstr "用于验证凭据的密钥表的位置"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:332
-+msgid "Enable credential validation"
-+msgstr "启用凭证验证"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:333
-+msgid "Store password if offline for later online authentication"
-+msgstr "离线时存储密码,以便以后进行在线身份验证"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:334
-+msgid "Renewable lifetime of the TGT"
-+msgstr "TGT 的可更新寿命"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:335
-+msgid "Lifetime of the TGT"
-+msgstr "TGT 的寿命"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:336
-+msgid "Time between two checks for renewal"
-+msgstr "两次更新检查之间的间隔时间"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:337
-+msgid "Enables FAST"
-+msgstr "启用 FAST"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:338
-+msgid "Selects the principal to use for FAST"
-+msgstr "选择用于 FAST 的主体"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:339
-+msgid "Enables principal canonicalization"
-+msgstr "启用主体规范化"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:340
-+msgid "Enables enterprise principals"
-+msgstr "启用企业主体"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:341
-+msgid "A mapping from user names to Kerberos principal names"
-+msgstr "从用户名到 Kerberos 主体名称的映射"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:344
-+#: src/config/SSSDConfig/sssdoptions.py:345
-+msgid "Server where the change password service is running if not on the KDC"
-+msgstr "如果不在 KDC 上,运行更改密码服务的服务器"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:348
-+msgid "ldap_uri, The URI of the LDAP server"
-+msgstr "ldap_uri,LDAP 服务器的 URI"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:349
-+msgid "ldap_backup_uri, The URI of the LDAP server"
-+msgstr "ldap_backup_uri,LDAP 服务器的 URI"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:350
-+msgid "The default base DN"
-+msgstr "默认基本 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:351
-+msgid "The Schema Type in use on the LDAP server, rfc2307"
-+msgstr "LDAP 服务器上使用的 Schema Type,rfc2307"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:352
-+msgid "Mode used to change user password"
-+msgstr "用来修改用户密码的模式"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:353
-+msgid "The default bind DN"
-+msgstr "默认绑定 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:354
-+msgid "The type of the authentication token of the default bind DN"
-+msgstr "默认绑定 DN 的身份验证令牌的类型"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:355
-+msgid "The authentication token of the default bind DN"
-+msgstr "默认绑定 DN 的身份验证令牌"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:356
-+msgid "Length of time to attempt connection"
-+msgstr "尝试连接的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:357
-+msgid "Length of time to attempt synchronous LDAP operations"
-+msgstr "尝试同步 LDAP 操作的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:358
-+msgid "Length of time between attempts to reconnect while offline"
-+msgstr "离线时尝试重新连接的时间间隔"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:359
-+msgid "Use only the upper case for realm names"
-+msgstr "realm 名称仅使用大写字母"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:360
-+msgid "File that contains CA certificates"
-+msgstr "包含 CA 证书的文件"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:361
-+msgid "Path to CA certificate directory"
-+msgstr "CA 证书目录的路径"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:362
-+msgid "File that contains the client certificate"
-+msgstr "包含客户端 CA 证书的文件"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:363
-+msgid "File that contains the client key"
-+msgstr "包含客户端密钥的文件"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:364
-+msgid "List of possible ciphers suites"
-+msgstr "可能的加密套件列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:365
-+msgid "Require TLS certificate verification"
-+msgstr "调整 TLS 证书验证"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:366
-+msgid "Specify the sasl mechanism to use"
-+msgstr "指定要使用的 sasl 机制"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:367
-+msgid "Specify the sasl authorization id to use"
-+msgstr "指定要使用的 sasl 授权 ID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:368
-+msgid "Specify the sasl authorization realm to use"
-+msgstr "指定要使用的 sasl 授权 realm"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:369
-+msgid "Specify the minimal SSF for LDAP sasl authorization"
-+msgstr "为 LDAP sasl 授权指定最小的 SSF"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:370
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "为 LDAP sasl 授权指定最大的 SSF"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:371
-+msgid "Kerberos service keytab"
-+msgstr "Kerberos服务密钥表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:372
-+msgid "Use Kerberos auth for LDAP connection"
-+msgstr "使用 Kerberos 身份验证进行 LDAP 连接"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:373
-+msgid "Follow LDAP referrals"
-+msgstr "遵循 LDAP 引用"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:374
-+msgid "Lifetime of TGT for LDAP connection"
-+msgstr "TGT 的 LDAP 连接生命周期"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:375
-+msgid "How to dereference aliases"
-+msgstr "如何取消引用别名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:376
-+msgid "Service name for DNS service lookups"
-+msgstr "DNS 服务查找的服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:377
-+msgid "The number of records to retrieve in a single LDAP query"
-+msgstr "单个 LDAP 查询中要检索的记录数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:378
-+msgid "The number of members that must be missing to trigger a full deref"
-+msgstr "触发完全取消引用请最少需要缺少的成员数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:379
-+msgid ""
-+"Whether the LDAP library should perform a reverse lookup to canonicalize the "
-+"host name during a SASL bind"
-+msgstr "在 SASL绑定期间,LDAP 库是否应执行反向查找以规范化主机名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:381
-+msgid ""
-+"Allows to retain local users as members of an LDAP group for servers that "
-+"use the RFC2307 schema."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:384
-+msgid "entryUSN attribute"
-+msgstr "entryUSN 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:385
-+msgid "lastUSN attribute"
-+msgstr "lastUSN 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:387
-+msgid ""
-+"How long to retain a connection to the LDAP server before disconnecting"
-+msgstr "断开连接前与 LDAP 服务器保持连接的时间"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:390
-+msgid "Disable the LDAP paging control"
-+msgstr "禁用 LDAP 分页控制"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:391
-+msgid "Disable Active Directory range retrieval"
-+msgstr "禁用 Active Directory 范围检索"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:394
-+msgid "Length of time to wait for a search request"
-+msgstr "等待搜索请求的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:395
-+msgid "Length of time to wait for a enumeration request"
-+msgstr "等待枚举请求的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:396
-+msgid "Length of time between enumeration updates"
-+msgstr "枚举更新之间的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:397
-+msgid "Length of time between cache cleanups"
-+msgstr "两次缓存清除之间的时间长度"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:398
-+msgid "Require TLS for ID lookups"
-+msgstr "需要 TLS 进行 ID 查找"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:399
-+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
-+msgstr "使用 objectSID 的 ID 映射而不是预设的 ID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:400
-+msgid "Base DN for user lookups"
-+msgstr "用户查找的基本 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:401
-+msgid "Scope of user lookups"
-+msgstr "用户查找范围"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:402
-+msgid "Filter for user lookups"
-+msgstr "用户查找过滤"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:403
-+msgid "Objectclass for users"
-+msgstr "用户的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:404
-+msgid "Username attribute"
-+msgstr "用户名属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:405
-+msgid "UID attribute"
-+msgstr "UID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:406
-+msgid "Primary GID attribute"
-+msgstr "主 GID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:407
-+msgid "GECOS attribute"
-+msgstr "GECOS 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:408
-+msgid "Home directory attribute"
-+msgstr "家目录属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:409
-+msgid "Shell attribute"
-+msgstr "Shell 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:410
-+msgid "UUID attribute"
-+msgstr "UUID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:411
-+#: src/config/SSSDConfig/sssdoptions.py:449
-+msgid "objectSID attribute"
-+msgstr "objectSID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:412
-+msgid "Active Directory primary group attribute for ID-mapping"
-+msgstr "用于 ID 映射的活动目录的主组属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:413
-+msgid "User principal attribute (for Kerberos)"
-+msgstr "用户主体属性(用于 Kerberos)"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:414
-+msgid "Full Name"
-+msgstr "全称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:415
-+msgid "memberOf attribute"
-+msgstr "memberOf 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:416
-+msgid "Modification time attribute"
-+msgstr "修改时间属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:417
-+msgid "shadowLastChange attribute"
-+msgstr "shadowLastChange 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:418
-+msgid "shadowMin attribute"
-+msgstr "shadowMin 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:419
-+msgid "shadowMax attribute"
-+msgstr "shadowMax 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:420
-+msgid "shadowWarning attribute"
-+msgstr "shadowWarning 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:421
-+msgid "shadowInactive attribute"
-+msgstr "shadowInactive 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:422
-+msgid "shadowExpire attribute"
-+msgstr "shadowExpire 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:423
-+msgid "shadowFlag attribute"
-+msgstr "shadowFlag 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:424
-+msgid "Attribute listing authorized PAM services"
-+msgstr "列出授权的 PAM 服务的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:425
-+msgid "Attribute listing authorized server hosts"
-+msgstr "列出授权的服务器主机的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:426
-+msgid "Attribute listing authorized server rhosts"
-+msgstr "列出授权的服务器 rhost 的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:427
-+msgid "krbLastPwdChange attribute"
-+msgstr "krbLastPwdChange 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:428
-+msgid "krbPasswordExpiration attribute"
-+msgstr "krbPasswordExpiration 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:429
-+msgid "Attribute indicating that server side password policies are active"
-+msgstr "用来指示服务器端密码策略处于活动状态的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:430
-+msgid "accountExpires attribute of AD"
-+msgstr "AD 的 accountExpires 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:431
-+msgid "userAccountControl attribute of AD"
-+msgstr "AD 的 userAccountControl 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:432
-+msgid "nsAccountLock attribute"
-+msgstr "nsAccountLock 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:433
-+msgid "loginDisabled attribute of NDS"
-+msgstr "NDS 的 loginDisabled 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:434
-+msgid "loginExpirationTime attribute of NDS"
-+msgstr "NDS 的 loginExpirationTime 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:435
-+msgid "loginAllowedTimeMap attribute of NDS"
-+msgstr "NDS 的 loginAllowedTimeMap 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:436
-+msgid "SSH public key attribute"
-+msgstr "SSH 公钥属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:437
-+msgid "attribute listing allowed authentication types for a user"
-+msgstr "列出用户允许的身份验证类型的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:438
-+msgid "attribute containing the X509 certificate of the user"
-+msgstr "包含用户的 X509 证书的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:439
-+msgid "attribute containing the email address of the user"
-+msgstr "包含用户电子邮件地址的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:440
-+msgid "A list of extra attributes to download along with the user entry"
-+msgstr "要与用户条目一起下载的其他属性的列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:442
-+msgid "Base DN for group lookups"
-+msgstr "组查找的基本 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:443
-+msgid "Objectclass for groups"
-+msgstr "组的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:444
-+msgid "Group name"
-+msgstr "组名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:445
-+msgid "Group password"
-+msgstr "组密码"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:446
-+msgid "GID attribute"
-+msgstr "GID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:447
-+msgid "Group member attribute"
-+msgstr "组成员属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:448
-+msgid "Group UUID attribute"
-+msgstr "组 UUID 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:450
-+msgid "Modification time attribute for groups"
-+msgstr "组的修改时间属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:451
-+msgid "Type of the group and other flags"
-+msgstr "组的类型和其他标志"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:452
-+msgid "The LDAP group external member attribute"
-+msgstr "LDAP 组外部成员属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:453
-+msgid "Maximum nesting level SSSD will follow"
-+msgstr "将遵循的最大嵌套级别 SSSD"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:454
-+msgid "Filter for group lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:455
-+msgid "Scope of group lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:457
-+msgid "Base DN for netgroup lookups"
-+msgstr "netgroup 查找的基本 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:458
-+msgid "Objectclass for netgroups"
-+msgstr "netgroup 的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:459
-+msgid "Netgroup name"
-+msgstr "Netgroup 名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:460
-+msgid "Netgroups members attribute"
-+msgstr "Netgroups 成员属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:461
-+msgid "Netgroup triple attribute"
-+msgstr "Netgroup triple 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:462
-+msgid "Modification time attribute for netgroups"
-+msgstr "netgroup 的修改时间属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:464
-+msgid "Base DN for service lookups"
-+msgstr "服务查找的基本 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:465
-+msgid "Objectclass for services"
-+msgstr "服务的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:466
-+msgid "Service name attribute"
-+msgstr "服务名属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:467
-+msgid "Service port attribute"
-+msgstr "服务端口属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:468
-+msgid "Service protocol attribute"
-+msgstr "服务协议属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:470
-+msgid "Lower bound for ID-mapping"
-+msgstr "ID 映射的下限"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:471
-+msgid "Upper bound for ID-mapping"
-+msgstr "ID 映射的上限"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:472
-+msgid "Number of IDs for each slice when ID-mapping"
-+msgstr "ID 映射时每个片的 ID 数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:473
-+msgid "Use autorid-compatible algorithm for ID-mapping"
-+msgstr "使用与 autorid 兼容的算法进行 ID 映射"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:474
-+msgid "Name of the default domain for ID-mapping"
-+msgstr "用于 ID 映射的默认域的名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:475
-+msgid "SID of the default domain for ID-mapping"
-+msgstr "用于 ID 映射的默认域的 SID"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:476
-+msgid "Number of secondary slices"
-+msgstr "次要切片数"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:478
-+msgid "Whether to use Token-Groups"
-+msgstr "是否使用令牌组"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:479
-+msgid "Set lower boundary for allowed IDs from the LDAP server"
-+msgstr "设置 LDAP 服务器允许的 ID 的下边界"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:480
-+msgid "Set upper boundary for allowed IDs from the LDAP server"
-+msgstr "设置 LDAP 服务器允许的 ID 的上边界"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:481
-+msgid "DN for ppolicy queries"
-+msgstr "ppolicy 查询的 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:482
-+msgid "How many maximum entries to fetch during a wildcard request"
-+msgstr "在通配符请求期间要提取多少个最大条目"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:485
-+msgid "Policy to evaluate the password expiration"
-+msgstr "评估密码有效期的策略"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:489
-+msgid "Which attributes shall be used to evaluate if an account is expired"
-+msgstr "应使用哪些属性来评估帐户是否过期"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:490
-+msgid "Which rules should be used to evaluate access control"
-+msgstr "应该使用哪些规则来评估访问控制"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:493
-+msgid "URI of an LDAP server where password changes are allowed"
-+msgstr "允许更改密码的 LDAP 服务器的 URI"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:494
-+msgid "URI of a backup LDAP server where password changes are allowed"
-+msgstr "允许更改密码的备份 LDAP 服务器的 URI"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:495
-+msgid "DNS service name for LDAP password change server"
-+msgstr "LDAP 密码更改服务器的 DNS 服务名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:496
-+msgid ""
-+"Whether to update the ldap_user_shadow_last_change attribute after a "
-+"password change"
-+msgstr "更改密码后是否更新 ldap_user_shadow_last_change 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:500
-+msgid "Base DN for sudo rules lookups"
-+msgstr "sudo 规则查找的基本DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:501
-+msgid "Automatic full refresh period"
-+msgstr "自动完整刷新周期"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:502
-+msgid "Automatic smart refresh period"
-+msgstr "自动智能刷新周期"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:503
-+msgid "Whether to filter rules by hostname, IP addresses and network"
-+msgstr "是否按主机名,IP地址和网络过滤规则"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:504
-+msgid ""
-+"Hostnames and/or fully qualified domain names of this machine to filter sudo "
-+"rules"
-+msgstr "本机的主机名和/或限定域名,用于过滤 sudo 规则"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:505
-+msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
-+msgstr "IPv4 或 IPv6 地址或本机器的网络,用于过滤 sudo 规则"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:506
-+msgid "Whether to include rules that contains netgroup in host attribute"
-+msgstr "是否在主机属性中包含带有 netgroup 的规则"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:507
-+msgid ""
-+"Whether to include rules that contains regular expression in host attribute"
-+msgstr "是否在主机属性中包含带有正则表达式的规则"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:508
-+msgid "Object class for sudo rules"
-+msgstr "sudo 规则的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:509
-+msgid "Name of attribute that is used as object class for sudo rules"
-+msgstr "用作 sudo 规则的对象类的属性名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:510
-+msgid "Sudo rule name"
-+msgstr "sudo 规则名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:511
-+msgid "Sudo rule command attribute"
-+msgstr "sudo 规则命令属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:512
-+msgid "Sudo rule host attribute"
-+msgstr "sudo 规则主机属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:513
-+msgid "Sudo rule user attribute"
-+msgstr "sudo 规则用户属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:514
-+msgid "Sudo rule option attribute"
-+msgstr "sudo 规则选项属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:515
-+msgid "Sudo rule runas attribute"
-+msgstr "sudo 规则 runas 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:516
-+msgid "Sudo rule runasuser attribute"
-+msgstr "sudo 规则 runasuser 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:517
-+msgid "Sudo rule runasgroup attribute"
-+msgstr "sudo 规则 runasgroup 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:518
-+msgid "Sudo rule notbefore attribute"
-+msgstr "sudo 规则 notbefore 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:519
-+msgid "Sudo rule notafter attribute"
-+msgstr "sudo 规则 notafter 属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:520
-+msgid "Sudo rule order attribute"
-+msgstr "sudo 规则顺序属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:523
-+msgid "Object class for automounter maps"
-+msgstr "自动挂载器映射的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:524
-+msgid "Automounter map name attribute"
-+msgstr "自动挂载器映射名称属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:525
-+msgid "Object class for automounter map entries"
-+msgstr "自动挂载器映射条目的对象类"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:526
-+msgid "Automounter map entry key attribute"
-+msgstr "自动挂载器映射条目键的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:527
-+msgid "Automounter map entry value attribute"
-+msgstr "自动挂载器映射条目值的属性"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:528
-+msgid "Base DN for automounter map lookups"
-+msgstr "自动挂载程序映射查找的基本 DN"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:529
-+msgid "The name of the automount master map in LDAP."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:532
-+msgid "Base DN for IP hosts lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:533
-+msgid "Object class for IP hosts"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:534
-+msgid "IP host name attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:535
-+msgid "IP host number (address) attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:536
-+msgid "IP host entryUSN attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:537
-+msgid "Base DN for IP networks lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:538
-+msgid "Object class for IP networks"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:539
-+msgid "IP network name attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:540
-+msgid "IP network number (address) attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:541
-+msgid "IP network entryUSN attribute"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:544
-+msgid "Comma separated list of allowed users"
-+msgstr "以逗号分隔的允许的用户列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:545
-+msgid "Comma separated list of prohibited users"
-+msgstr "以逗号分隔的不允许的用户列表"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:546
-+msgid ""
-+"Comma separated list of groups that are allowed to log in. This applies only "
-+"to groups within this SSSD domain. Local groups are not evaluated."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:548
-+msgid ""
-+"Comma separated list of groups that are explicitly denied access. This "
-+"applies only to groups within this SSSD domain. Local groups are not "
-+"evaluated."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:552
-+msgid "Base for home directories"
-+msgstr "家目录的基础"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:553
-+msgid "Indicate if a home directory should be created for new users."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:554
-+msgid "Indicate if a home directory should be removed for deleted users."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:555
-+msgid "Specify the default permissions on a newly created home directory."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:556
-+msgid "The skeleton directory."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:557
-+msgid "The mail spool directory."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:558
-+msgid "The command that is run after a user is removed."
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:561
-+msgid "The number of preforked proxy children."
-+msgstr "预分支代理子代的数量。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:564
-+msgid "The name of the NSS library to use"
-+msgstr "使用的 NSS 库的名称"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:565
-+msgid "The name of the NSS library to use for hosts and networks lookups"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/sssdoptions.py:566
-+msgid "Whether to look up canonical group name from cache if possible"
-+msgstr "如果可能,是否从缓存中查找规范的组名"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:569
-+msgid "PAM stack to use"
-+msgstr "使用的 PAM 堆栈"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:572
-+msgid "Path of passwd file sources."
-+msgstr "passwd 文件源的路径。"
-+
-+#: src/config/SSSDConfig/sssdoptions.py:573
-+msgid "Path of group file sources."
-+msgstr "group 文件源的路径。"
-+
- #: src/monitor/monitor.c:2371
- msgid "Become a daemon (default)"
--msgstr ""
-+msgstr "成为守护进程(默认)"
-
- #: src/monitor/monitor.c:2373
- msgid "Run interactive (not a daemon)"
--msgstr ""
-+msgstr "交互式运行(不是守护程序)"
-
- #: src/monitor/monitor.c:2376
- msgid "Disable netlink interface"
--msgstr ""
-+msgstr "禁用 netlink 接口"
-
--#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_logs.c:310
-+#: src/monitor/monitor.c:2378 src/tools/sssctl/sssctl_config.c:77
-+#: src/tools/sssctl/sssctl_logs.c:310
- msgid "Specify a non-default config file"
--msgstr ""
-+msgstr "指定一个非默认的配置文件"
-
- #: src/monitor/monitor.c:2380
- msgid "Refresh the configuration database, then exit"
--msgstr ""
-+msgstr "刷新配置数据库,然后退出"
-
- #: src/monitor/monitor.c:2383
- msgid "Similar to --genconf, but only refreshes the given section"
-@@ -46,87 +1850,87 @@ msgstr ""
-
- #: src/monitor/monitor.c:2386
- msgid "Print version number and exit"
--msgstr ""
-+msgstr "显示版本号并退出"
-
- #: src/monitor/monitor.c:2532
- msgid "SSSD is already running\n"
--msgstr ""
-+msgstr "SSSD 已运行\n"
-
- #: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:638
- msgid "Debug level"
--msgstr ""
-+msgstr "调试级别"
-
- #: src/providers/krb5/krb5_child.c:3235 src/providers/ldap/ldap_child.c:640
- msgid "Add debug timestamps"
--msgstr ""
-+msgstr "添加调试时间戳"
-
- #: src/providers/krb5/krb5_child.c:3237 src/providers/ldap/ldap_child.c:642
- msgid "Show timestamps with microseconds"
--msgstr ""
-+msgstr "显示时间戳(以微秒为单位)"
-
- #: src/providers/krb5/krb5_child.c:3239 src/providers/ldap/ldap_child.c:644
- msgid "An open file descriptor for the debug logs"
--msgstr ""
-+msgstr "调试日志的打开文件描述符"
-
- #: src/providers/krb5/krb5_child.c:3242 src/providers/ldap/ldap_child.c:646
- msgid "Send the debug output to stderr directly."
--msgstr ""
-+msgstr "将调试直接输出到 stderr。"
-
- #: src/providers/krb5/krb5_child.c:3245
- msgid "The user to create FAST ccache as"
--msgstr ""
-+msgstr "用户创建 FAST 缓存为"
-
- #: src/providers/krb5/krb5_child.c:3247
- msgid "The group to create FAST ccache as"
--msgstr ""
-+msgstr "组创建 FAST 缓存为"
-
- #: src/providers/krb5/krb5_child.c:3249
- msgid "Kerberos realm to use"
--msgstr ""
-+msgstr "使用的 kerberos realm"
-
- #: src/providers/krb5/krb5_child.c:3251
- msgid "Requested lifetime of the ticket"
--msgstr ""
-+msgstr "要求的票证寿命"
-
- #: src/providers/krb5/krb5_child.c:3253
- msgid "Requested renewable lifetime of the ticket"
--msgstr ""
-+msgstr "要求的可续约票证寿命"
-
- #: src/providers/krb5/krb5_child.c:3255
- msgid "FAST options ('never', 'try', 'demand')"
--msgstr ""
-+msgstr "FAST 选项('never'、'try'、'demand')"
-
- #: src/providers/krb5/krb5_child.c:3258
- msgid "Specifies the server principal to use for FAST"
--msgstr ""
-+msgstr "指定用于 FAST 的服务器主体"
-
- #: src/providers/krb5/krb5_child.c:3260
- msgid "Requests canonicalization of the principal name"
--msgstr ""
-+msgstr "要求规范化主体名称"
-
- #: src/providers/krb5/krb5_child.c:3262
- msgid "Use custom version of krb5_get_init_creds_password"
--msgstr ""
-+msgstr "使用自定义版本的 krb5_get_init_creds_password"
-
- #: src/providers/data_provider_be.c:674
- msgid "Domain of the information provider (mandatory)"
--msgstr ""
-+msgstr "信息提供者的域(强制)"
-
- #: src/sss_client/common.c:1079
- msgid "Privileged socket has wrong ownership or permissions."
--msgstr ""
-+msgstr "特权套接字有错误的所有权或权限。"
-
- #: src/sss_client/common.c:1082
- msgid "Public socket has wrong ownership or permissions."
--msgstr ""
-+msgstr "公共套接字有错误的所有权或权限。"
-
- #: src/sss_client/common.c:1085
- msgid "Unexpected format of the server credential message."
--msgstr ""
-+msgstr "服务器凭证消息的格式异常。"
-
- #: src/sss_client/common.c:1088
- msgid "SSSD is not run by root."
--msgstr ""
-+msgstr "SSSD 没有由 root 运行。"
-
- #: src/sss_client/common.c:1091
- msgid "SSSD socket does not exist."
-@@ -138,100 +1942,100 @@ msgstr ""
-
- #: src/sss_client/common.c:1099
- msgid "An error occurred, but no description can be found."
--msgstr ""
-+msgstr "发生错误,但找不到描述信息。"
-
- #: src/sss_client/common.c:1105
- msgid "Unexpected error while looking for an error description"
--msgstr ""
-+msgstr "查找错误说明时出现意外错误"
-
- #: src/sss_client/pam_sss.c:68
- msgid "Permission denied. "
--msgstr ""
-+msgstr "权限被拒绝。"
-
--#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:779
--#: src/sss_client/pam_sss.c:790
-+#: src/sss_client/pam_sss.c:69 src/sss_client/pam_sss.c:781
-+#: src/sss_client/pam_sss.c:792
- msgid "Server message: "
--msgstr ""
-+msgstr "服务器消息: "
-
--#: src/sss_client/pam_sss.c:297
-+#: src/sss_client/pam_sss.c:299
- msgid "Passwords do not match"
--msgstr ""
-+msgstr "密码不匹配"
-
--#: src/sss_client/pam_sss.c:485
-+#: src/sss_client/pam_sss.c:487
- msgid "Password reset by root is not supported."
--msgstr ""
-+msgstr "不支持通过 root 重置密码。"
-
--#: src/sss_client/pam_sss.c:526
-+#: src/sss_client/pam_sss.c:528
- msgid "Authenticated with cached credentials"
--msgstr ""
-+msgstr "通过缓存的凭据进行身份验证"
-
--#: src/sss_client/pam_sss.c:527
-+#: src/sss_client/pam_sss.c:529
- msgid ", your cached password will expire at: "
--msgstr ""
-+msgstr ",您缓存的密码将过期于: "
-
--#: src/sss_client/pam_sss.c:557
-+#: src/sss_client/pam_sss.c:559
- #, c-format
- msgid "Your password has expired. You have %1$d grace login(s) remaining."
--msgstr ""
-+msgstr "您的密码已过期。您有 %1$d 剩余宽限登陆。"
-
--#: src/sss_client/pam_sss.c:603
-+#: src/sss_client/pam_sss.c:605
- #, c-format
- msgid "Your password will expire in %1$d %2$s."
--msgstr ""
-+msgstr "您的密码将于 %1$d %2$s 过期。"
-
--#: src/sss_client/pam_sss.c:652
-+#: src/sss_client/pam_sss.c:654
- msgid "Authentication is denied until: "
--msgstr ""
-+msgstr "身份验证被拒绝,直到: "
-
--#: src/sss_client/pam_sss.c:673
-+#: src/sss_client/pam_sss.c:675
- msgid "System is offline, password change not possible"
--msgstr ""
-+msgstr "系统离线,无法更改密码"
-
--#: src/sss_client/pam_sss.c:688
-+#: src/sss_client/pam_sss.c:690
- msgid ""
- "After changing the OTP password, you need to log out and back in order to "
- "acquire a ticket"
--msgstr ""
-+msgstr "更改 OTP 密码后,您需要注销并重新登录以获得票证"
-
--#: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
-+#: src/sss_client/pam_sss.c:778 src/sss_client/pam_sss.c:791
- msgid "Password change failed. "
--msgstr ""
-+msgstr "更改密码失败。"
-
--#: src/sss_client/pam_sss.c:2008
-+#: src/sss_client/pam_sss.c:2015
- msgid "New Password: "
--msgstr ""
-+msgstr "新密码:"
-
--#: src/sss_client/pam_sss.c:2009
-+#: src/sss_client/pam_sss.c:2016
- msgid "Reenter new Password: "
--msgstr ""
-+msgstr "重新输入新密码:"
-
--#: src/sss_client/pam_sss.c:2171 src/sss_client/pam_sss.c:2174
-+#: src/sss_client/pam_sss.c:2178 src/sss_client/pam_sss.c:2181
- msgid "First Factor: "
--msgstr ""
-+msgstr "第一因素: "
-
--#: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
-+#: src/sss_client/pam_sss.c:2179 src/sss_client/pam_sss.c:2353
- msgid "Second Factor (optional): "
--msgstr ""
-+msgstr "第二因素(可选): "
-
--#: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
-+#: src/sss_client/pam_sss.c:2182 src/sss_client/pam_sss.c:2356
- msgid "Second Factor: "
--msgstr ""
-+msgstr "第二因素: "
-
--#: src/sss_client/pam_sss.c:2190
-+#: src/sss_client/pam_sss.c:2200
- msgid "Password: "
--msgstr ""
-+msgstr "密码:"
-
--#: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
-+#: src/sss_client/pam_sss.c:2352 src/sss_client/pam_sss.c:2355
- msgid "First Factor (Current Password): "
--msgstr ""
-+msgstr "第一因素(当前密码): "
-
--#: src/sss_client/pam_sss.c:2349
-+#: src/sss_client/pam_sss.c:2359
- msgid "Current Password: "
--msgstr ""
-+msgstr "当前密码:"
-
--#: src/sss_client/pam_sss.c:2704
-+#: src/sss_client/pam_sss.c:2714
- msgid "Password expired. Change your password now."
--msgstr ""
-+msgstr "密码已过期。立即更改密码。"
-
- #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:41
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:186 src/tools/sss_useradd.c:48
-@@ -240,12 +2044,12 @@ msgstr ""
- #: src/tools/sss_userdel.c:136 src/tools/sss_usermod.c:47
- #: src/tools/sss_cache.c:719
- msgid "The debug level to run with"
--msgstr ""
-+msgstr "要运行的调试级别"
-
- #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:43
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:190
- msgid "The SSSD domain to use"
--msgstr ""
-+msgstr "要使用的 SSSD 域"
-
- #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:57 src/tools/sss_useradd.c:74
- #: src/tools/sss_groupadd.c:59 src/tools/sss_groupdel.c:54
-@@ -253,27 +2057,27 @@ msgstr ""
- #: src/tools/sss_userdel.c:154 src/tools/sss_usermod.c:79
- #: src/tools/sss_cache.c:765
- msgid "Error setting the locale\n"
--msgstr ""
-+msgstr "地区设置错误\n"
-
- #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64
- msgid "Not enough memory\n"
--msgstr ""
-+msgstr "内存不足\n"
-
- #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83
- msgid "User not specified\n"
--msgstr ""
-+msgstr "未指定用户\n"
-
- #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:97
- msgid "Error looking up public keys\n"
--msgstr ""
-+msgstr "查找公钥时出错\n"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:188
- msgid "The port to use to connect to the host"
--msgstr ""
-+msgstr "用于连接主机的端口"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
- msgid "Print the host ssh public keys"
--msgstr ""
-+msgstr "打印主机 ssh 公钥"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
- msgid "Invalid port\n"
-@@ -281,173 +2085,173 @@ msgstr "无效端口\n"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:239
- msgid "Host not specified\n"
--msgstr ""
-+msgstr "未指定主机\n"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:245
- msgid "The path to the proxy command must be absolute\n"
--msgstr ""
-+msgstr "到 proxy 命令的路径必须是绝对路径\n"
-
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
- #, c-format
- msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
--msgstr ""
-+msgstr "sss_ssh_knownhostsproxy:无法解析主机名 %s\n"
-
- #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
- msgid "The UID of the user"
--msgstr ""
-+msgstr "用户的 UID"
-
- #: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
- msgid "The comment string"
--msgstr ""
-+msgstr "注释字符串"
-
- #: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
- msgid "Home directory"
--msgstr ""
-+msgstr "家目录"
-
- #: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
- msgid "Login shell"
--msgstr ""
-+msgstr "登陆 shell"
-
- #: src/tools/sss_useradd.c:53
- msgid "Groups"
--msgstr ""
-+msgstr "组"
-
- #: src/tools/sss_useradd.c:54
- msgid "Create user's directory if it does not exist"
--msgstr ""
-+msgstr "创建用户目录(如果不存在)"
-
- #: src/tools/sss_useradd.c:55
- msgid "Never create user's directory, overrides config"
--msgstr ""
-+msgstr "不创建用户目录,覆盖配置"
-
- #: src/tools/sss_useradd.c:56
- msgid "Specify an alternative skeleton directory"
--msgstr ""
-+msgstr "指定一个备用的 skeleton 目录"
-
- #: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:60
- msgid "The SELinux user for user's login"
--msgstr ""
-+msgstr "用于用户登录的 SELinux用户"
-
- #: src/tools/sss_useradd.c:87 src/tools/sss_groupmod.c:79
- #: src/tools/sss_usermod.c:92
- msgid "Specify group to add to\n"
--msgstr ""
-+msgstr "指定添加到的组\n"
-
- #: src/tools/sss_useradd.c:111
- msgid "Specify user to add\n"
--msgstr ""
-+msgstr "指定要添加的用户\n"
-
- #: src/tools/sss_useradd.c:121 src/tools/sss_groupadd.c:86
- #: src/tools/sss_groupdel.c:80 src/tools/sss_groupmod.c:113
- #: src/tools/sss_groupshow.c:714 src/tools/sss_userdel.c:200
- #: src/tools/sss_usermod.c:162
- msgid "Error initializing the tools - no local domain\n"
--msgstr ""
-+msgstr "初始化工具时出错 - 没有本地域\n"
-
- #: src/tools/sss_useradd.c:123 src/tools/sss_groupadd.c:88
- #: src/tools/sss_groupdel.c:82 src/tools/sss_groupmod.c:115
- #: src/tools/sss_groupshow.c:716 src/tools/sss_userdel.c:202
- #: src/tools/sss_usermod.c:164
- msgid "Error initializing the tools\n"
--msgstr ""
-+msgstr "初始化工具出错。\n"
-
- #: src/tools/sss_useradd.c:132 src/tools/sss_groupadd.c:97
- #: src/tools/sss_groupdel.c:91 src/tools/sss_groupmod.c:123
- #: src/tools/sss_groupshow.c:725 src/tools/sss_userdel.c:211
- #: src/tools/sss_usermod.c:173
- msgid "Invalid domain specified in FQDN\n"
--msgstr ""
-+msgstr "FQDN 中指定的域无效\n"
-
- #: src/tools/sss_useradd.c:142 src/tools/sss_groupmod.c:144
- #: src/tools/sss_groupmod.c:173 src/tools/sss_usermod.c:197
- #: src/tools/sss_usermod.c:226
- msgid "Internal error while parsing parameters\n"
--msgstr ""
-+msgstr "解析参数时发生内部错误\n"
-
- #: src/tools/sss_useradd.c:151 src/tools/sss_usermod.c:206
- #: src/tools/sss_usermod.c:235
- msgid "Groups must be in the same domain as user\n"
--msgstr ""
-+msgstr "组必须与用户在同一域中\n"
-
- #: src/tools/sss_useradd.c:159
- #, c-format
- msgid "Cannot find group %1$s in local domain\n"
--msgstr ""
-+msgstr "无法在本的域中找到组 %1$s\n"
-
- #: src/tools/sss_useradd.c:174 src/tools/sss_userdel.c:221
- msgid "Cannot set default values\n"
--msgstr ""
-+msgstr "无法设置默认值\n"
-
- #: src/tools/sss_useradd.c:181 src/tools/sss_usermod.c:187
- msgid "The selected UID is outside the allowed range\n"
--msgstr ""
-+msgstr "所选的 UID 超出了允许范围\n"
-
- #: src/tools/sss_useradd.c:210 src/tools/sss_usermod.c:305
- msgid "Cannot set SELinux login context\n"
--msgstr ""
-+msgstr "无法设置 SELinux 登录上下文\n"
-
- #: src/tools/sss_useradd.c:224
- msgid "Cannot get info about the user\n"
--msgstr ""
-+msgstr "无法获得用户的信息\n"
-
- #: src/tools/sss_useradd.c:236
- msgid "User's home directory already exists, not copying data from skeldir\n"
--msgstr ""
-+msgstr "用户的家目录已存在,无法从 skeldir 复制数据\n"
-
- #: src/tools/sss_useradd.c:239
- #, c-format
- msgid "Cannot create user's home directory: %1$s\n"
--msgstr ""
-+msgstr "无法创建用户的家目录:%1$s\n"
-
- #: src/tools/sss_useradd.c:250
- #, c-format
- msgid "Cannot create user's mail spool: %1$s\n"
--msgstr ""
-+msgstr "无法创建用户的邮件 spool: %1$s\n"
-
- #: src/tools/sss_useradd.c:270
- msgid "Could not allocate ID for the user - domain full?\n"
--msgstr ""
-+msgstr "无法为用户分配 ID - 域已满?\n"
-
- #: src/tools/sss_useradd.c:274
- msgid "A user or group with the same name or ID already exists\n"
--msgstr ""
-+msgstr "具有相同名称或 ID 的用户或组已经存在\n"
-
- #: src/tools/sss_useradd.c:280
- msgid "Transaction error. Could not add user.\n"
--msgstr ""
-+msgstr "交易错误。无法添加用户。\n"
-
- #: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
- msgid "The GID of the group"
--msgstr ""
-+msgstr "组的 GID"
-
- #: src/tools/sss_groupadd.c:76
- msgid "Specify group to add\n"
--msgstr ""
-+msgstr "指定添加的组\n"
-
- #: src/tools/sss_groupadd.c:106 src/tools/sss_groupmod.c:198
- msgid "The selected GID is outside the allowed range\n"
--msgstr ""
-+msgstr "所选的 GID 超出了允许范围\n"
-
- #: src/tools/sss_groupadd.c:143
- msgid "Could not allocate ID for the group - domain full?\n"
--msgstr ""
-+msgstr "无法为组分配 ID - 域已满?\n"
-
- #: src/tools/sss_groupadd.c:147
- msgid "A group with the same name or GID already exists\n"
--msgstr ""
-+msgstr "具有相同名称或 GID 的组已经存在\n"
-
- #: src/tools/sss_groupadd.c:153
- msgid "Transaction error. Could not add group.\n"
--msgstr ""
-+msgstr "交易错误。无法添加组。\n"
-
- #: src/tools/sss_groupdel.c:70
- msgid "Specify group to delete\n"
--msgstr ""
-+msgstr "指定删除的组\n"
-
- #: src/tools/sss_groupdel.c:104
- #, c-format
- msgid "Group %1$s is outside the defined ID range for domain\n"
--msgstr ""
-+msgstr "组 %1$s 在域的定义 ID 范围之外\n"
-
- #: src/tools/sss_groupdel.c:119 src/tools/sss_groupmod.c:225
- #: src/tools/sss_groupmod.c:232 src/tools/sss_groupmod.c:239
-@@ -455,43 +2259,43 @@ msgstr ""
- #: src/tools/sss_usermod.c:289 src/tools/sss_usermod.c:296
- #, c-format
- msgid "NSS request failed (%1$d). Entry might remain in memory cache.\n"
--msgstr ""
-+msgstr "NSS 请求失败(%1$d)。条目可能保留在内存缓存中。\n"
-
- #: src/tools/sss_groupdel.c:132
- msgid ""
--"No such group in local domain. Removing groups only allowed in local "
--"domain.\n"
--msgstr ""
-+"No such group in local domain. Removing groups only allowed in local domain."
-+"\n"
-+msgstr "本地域中没有这样的组。只在本地域中允许删除组。\n"
-
- #: src/tools/sss_groupdel.c:137
- msgid "Internal error. Could not remove group.\n"
--msgstr ""
-+msgstr "内部错误。无法删除组。\n"
-
- #: src/tools/sss_groupmod.c:44
- msgid "Groups to add this group to"
--msgstr ""
-+msgstr "把这个组添加到的组"
-
- #: src/tools/sss_groupmod.c:46
- msgid "Groups to remove this group from"
--msgstr ""
-+msgstr "要从中删除该组的组"
-
- #: src/tools/sss_groupmod.c:87 src/tools/sss_usermod.c:100
- msgid "Specify group to remove from\n"
--msgstr ""
-+msgstr "指定要从中删除的组\n"
-
- #: src/tools/sss_groupmod.c:101
- msgid "Specify group to modify\n"
--msgstr ""
-+msgstr "指定修改的组\n"
-
- #: src/tools/sss_groupmod.c:130
- msgid ""
- "Cannot find group in local domain, modifying groups is allowed only in local "
- "domain\n"
--msgstr ""
-+msgstr "在本地域中找不到组,仅允许在本地域中修改组\n"
-
- #: src/tools/sss_groupmod.c:153 src/tools/sss_groupmod.c:182
- msgid "Member groups must be in the same domain as parent group\n"
--msgstr ""
-+msgstr "成员组必须与父组在同一域中\n"
-
- #: src/tools/sss_groupmod.c:161 src/tools/sss_groupmod.c:190
- #: src/tools/sss_usermod.c:214 src/tools/sss_usermod.c:243
-@@ -499,456 +2303,456 @@ msgstr ""
- msgid ""
- "Cannot find group %1$s in local domain, only groups in local domain are "
- "allowed\n"
--msgstr ""
-+msgstr "无法在本地域中找到组 %1$s,只允许在本地域中的组\n"
-
- #: src/tools/sss_groupmod.c:257
- msgid "Could not modify group - check if member group names are correct\n"
--msgstr ""
-+msgstr "无法修改组 - 检查成员组名称是否正确\n"
-
- #: src/tools/sss_groupmod.c:261
- msgid "Could not modify group - check if groupname is correct\n"
--msgstr ""
-+msgstr " 无法修改组 - 检查组名是否正确\n"
-
- #: src/tools/sss_groupmod.c:265
- msgid "Transaction error. Could not modify group.\n"
--msgstr ""
-+msgstr "交易错误。无法修改组。\n"
-
- #: src/tools/sss_groupshow.c:616
- msgid "Magic Private "
--msgstr ""
-+msgstr "Magic Private "
-
- #: src/tools/sss_groupshow.c:615
- #, c-format
- msgid "%1$s%2$sGroup: %3$s\n"
--msgstr ""
-+msgstr "%1$s%2$sGroup: %3$s\n"
-
- #: src/tools/sss_groupshow.c:618
- #, c-format
- msgid "%1$sGID number: %2$d\n"
--msgstr ""
-+msgstr "%1$sGID 号:%2$d\n"
-
- #: src/tools/sss_groupshow.c:620
- #, c-format
- msgid "%1$sMember users: "
--msgstr ""
-+msgstr "%1$sMember 用户:"
-
- #: src/tools/sss_groupshow.c:627
- #, c-format
--msgid ""
--"\n"
-+msgid "\n"
- "%1$sIs a member of: "
--msgstr ""
-+msgstr "\n"
-+"%1$sIs 一个成员:"
-
- #: src/tools/sss_groupshow.c:634
- #, c-format
--msgid ""
--"\n"
-+msgid "\n"
- "%1$sMember groups: "
--msgstr ""
-+msgstr "\n"
-+"%1$sMember 组:"
-
- #: src/tools/sss_groupshow.c:670
- msgid "Print indirect group members recursively"
--msgstr ""
-+msgstr "递归打印间接组成员"
-
- #: src/tools/sss_groupshow.c:704
- msgid "Specify group to show\n"
--msgstr ""
-+msgstr "指定显示的组\n"
-
- #: src/tools/sss_groupshow.c:744
- msgid ""
--"No such group in local domain. Printing groups only allowed in local "
--"domain.\n"
--msgstr ""
-+"No such group in local domain. Printing groups only allowed in local domain."
-+"\n"
-+msgstr "本地域中没有这样的组。只在本地域中允许打印组。\n"
-
- #: src/tools/sss_groupshow.c:749
- msgid "Internal error. Could not print group.\n"
--msgstr ""
-+msgstr "内部错误。无法打印组。\n"
-
- #: src/tools/sss_userdel.c:138
- msgid "Remove home directory and mail spool"
--msgstr ""
-+msgstr "删除主目录和邮件假脱机"
-
- #: src/tools/sss_userdel.c:140
- msgid "Do not remove home directory and mail spool"
--msgstr ""
-+msgstr "不删除主目录和邮件假脱机"
-
- #: src/tools/sss_userdel.c:142
- msgid "Force removal of files not owned by the user"
--msgstr ""
-+msgstr "用户不允许强制删除文件"
-
- #: src/tools/sss_userdel.c:144
- msgid "Kill users' processes before removing him"
--msgstr ""
-+msgstr "在删除用户前终止用户的进程"
-
- #: src/tools/sss_userdel.c:190
- msgid "Specify user to delete\n"
--msgstr ""
-+msgstr "指定删除的用户\n"
-
- #: src/tools/sss_userdel.c:236
- #, c-format
- msgid "User %1$s is outside the defined ID range for domain\n"
--msgstr ""
-+msgstr "用户 %1$s 在域的定义 ID 范围之外\n"
-
- #: src/tools/sss_userdel.c:261
- msgid "Cannot reset SELinux login context\n"
--msgstr ""
-+msgstr "无法重新设置 SELinux 登录上下文\n"
-
- #: src/tools/sss_userdel.c:273
- #, c-format
- msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
--msgstr ""
-+msgstr "警告:用户(uid %1$lu )在删除后仍处于登录状态。\n"
-
- #: src/tools/sss_userdel.c:278
- msgid "Cannot determine if the user was logged in on this platform"
--msgstr ""
-+msgstr "无法确定用户是否已在此平台上登录"
-
- #: src/tools/sss_userdel.c:283
- msgid "Error while checking if the user was logged in\n"
--msgstr ""
-+msgstr "检查用户是否登录时出错\n"
-
- #: src/tools/sss_userdel.c:290
- #, c-format
- msgid "The post-delete command failed: %1$s\n"
--msgstr ""
-+msgstr "后删除命令失败: %1$s\n"
-
- #: src/tools/sss_userdel.c:310
- msgid "Not removing home dir - not owned by user\n"
--msgstr ""
-+msgstr "没有删除主目录 - 不归用户所有\n"
-
- #: src/tools/sss_userdel.c:312
- #, c-format
- msgid "Cannot remove homedir: %1$s\n"
--msgstr ""
-+msgstr "无法删除主目录:%1$s\n"
-
- #: src/tools/sss_userdel.c:326
- msgid ""
- "No such user in local domain. Removing users only allowed in local domain.\n"
--msgstr ""
-+msgstr "本地域中没有这样的用户。只在本地域中允许删除用户。\n"
-
- #: src/tools/sss_userdel.c:331
- msgid "Internal error. Could not remove user.\n"
--msgstr ""
-+msgstr "内部错误。无法删除用户。\n"
-
- #: src/tools/sss_usermod.c:49
- msgid "The GID of the user"
--msgstr ""
-+msgstr "用户的 GID"
-
- #: src/tools/sss_usermod.c:53
- msgid "Groups to add this user to"
--msgstr ""
-+msgstr "这个用户加入的组"
-
- #: src/tools/sss_usermod.c:54
- msgid "Groups to remove this user from"
--msgstr ""
-+msgstr "要从中删除该用户的组"
-
- #: src/tools/sss_usermod.c:55
- msgid "Lock the account"
--msgstr ""
-+msgstr "锁定账户"
-
- #: src/tools/sss_usermod.c:56
- msgid "Unlock the account"
--msgstr ""
-+msgstr "解锁账户"
-
- #: src/tools/sss_usermod.c:57
- msgid "Add an attribute/value pair. The format is attrname=value."
--msgstr ""
-+msgstr "添加一个属性/值对。格式为 attrname=value。"
-
- #: src/tools/sss_usermod.c:58
- msgid "Delete an attribute/value pair. The format is attrname=value."
--msgstr ""
-+msgstr "删除一个属性/值对。格式为 attrname=value。"
-
- #: src/tools/sss_usermod.c:59
- msgid ""
- "Set an attribute to a name/value pair. The format is attrname=value. For "
- "multi-valued attributes, the command replaces the values already present"
--msgstr ""
-+msgstr "将属性设置为名称/值对。格式为 attrname=value。对于多值属性,替换值的命令已存在。"
-
- #: src/tools/sss_usermod.c:117 src/tools/sss_usermod.c:126
- #: src/tools/sss_usermod.c:135
- msgid "Specify the attribute name/value pair(s)\n"
--msgstr ""
-+msgstr "指定属性名称/值对\n"
-
- #: src/tools/sss_usermod.c:152
- msgid "Specify user to modify\n"
--msgstr ""
-+msgstr "指定要修改的用户\n"
-
- #: src/tools/sss_usermod.c:180
- msgid ""
- "Cannot find user in local domain, modifying users is allowed only in local "
- "domain\n"
--msgstr ""
-+msgstr "在本地域中找不到用户,仅允许在本地域中修改用户\n"
-
- #: src/tools/sss_usermod.c:322
- msgid "Could not modify user - check if group names are correct\n"
--msgstr ""
-+msgstr "无法修改用户 - 检查组名称是否正确\n"
-
- #: src/tools/sss_usermod.c:326
- msgid "Could not modify user - user already member of groups?\n"
--msgstr ""
-+msgstr "无法修改用户 - 用户是否已是组成员?\n"
-
- #: src/tools/sss_usermod.c:330
- msgid "Transaction error. Could not modify user.\n"
--msgstr ""
-+msgstr "交易错误。无法修改用户。\n"
-
- #: src/tools/sss_cache.c:245
- msgid "No cache object matched the specified search\n"
--msgstr ""
-+msgstr "没有符合指定搜索条件的缓存对象\n"
-
- #: src/tools/sss_cache.c:536
- #, c-format
- msgid "Couldn't invalidate %1$s\n"
--msgstr ""
-+msgstr "无法使 %1$s 无效\n"
-
- #: src/tools/sss_cache.c:543
- #, c-format
- msgid "Couldn't invalidate %1$s %2$s\n"
--msgstr ""
-+msgstr "无法使 %1$s %2$s 无效\n"
-
- #: src/tools/sss_cache.c:721
- msgid "Invalidate all cached entries"
--msgstr ""
-+msgstr "使所有缓存的条目无效"
-
- #: src/tools/sss_cache.c:723
- msgid "Invalidate particular user"
--msgstr ""
-+msgstr "使特定用户无效"
-
- #: src/tools/sss_cache.c:725
- msgid "Invalidate all users"
--msgstr ""
-+msgstr "使所有用户无效"
-
- #: src/tools/sss_cache.c:727
- msgid "Invalidate particular group"
--msgstr ""
-+msgstr "使特定组无效"
-
- #: src/tools/sss_cache.c:729
- msgid "Invalidate all groups"
--msgstr ""
-+msgstr "使所有组无效"
-
- #: src/tools/sss_cache.c:731
- msgid "Invalidate particular netgroup"
--msgstr ""
-+msgstr "使特定 netgroup 无效"
-
- #: src/tools/sss_cache.c:733
- msgid "Invalidate all netgroups"
--msgstr ""
-+msgstr "使所有 netgroup 无效"
-
- #: src/tools/sss_cache.c:735
- msgid "Invalidate particular service"
--msgstr ""
-+msgstr "使特定服务无效"
-
- #: src/tools/sss_cache.c:737
- msgid "Invalidate all services"
--msgstr ""
-+msgstr "使所有服务无效"
-
- #: src/tools/sss_cache.c:740
- msgid "Invalidate particular autofs map"
--msgstr ""
-+msgstr "使特定 autofs 映射无效"
-
- #: src/tools/sss_cache.c:742
- msgid "Invalidate all autofs maps"
--msgstr ""
-+msgstr "使所有 autofs 映射无效"
-
- #: src/tools/sss_cache.c:746
- msgid "Invalidate particular SSH host"
--msgstr ""
-+msgstr "使特定 SSH 主机无效"
-
- #: src/tools/sss_cache.c:748
- msgid "Invalidate all SSH hosts"
--msgstr ""
-+msgstr "使所有 SSH 主机无效"
-
- #: src/tools/sss_cache.c:752
- msgid "Invalidate particular sudo rule"
--msgstr ""
-+msgstr "使特定 sudo 规则无效"
-
- #: src/tools/sss_cache.c:754
- msgid "Invalidate all cached sudo rules"
--msgstr ""
-+msgstr "使所有缓存的 sudo 规则无效"
-
- #: src/tools/sss_cache.c:757
- msgid "Only invalidate entries from a particular domain"
--msgstr ""
-+msgstr "使来自特定域的项无效"
-
- #: src/tools/sss_cache.c:811
- msgid ""
- "Unexpected argument(s) provided, options that invalidate a single object "
- "only accept a single provided argument.\n"
--msgstr ""
-+msgstr "提供了意外的参数,使单个对象无效的选项仅接受单个参数。\n"
-
- #: src/tools/sss_cache.c:821
- msgid "Please select at least one object to invalidate\n"
--msgstr ""
-+msgstr "请选择至少一个对象以使其无效\n"
-
- #: src/tools/sss_cache.c:904
- #, c-format
- msgid ""
- "Could not open domain %1$s. If the domain is a subdomain (trusted domain), "
- "use fully qualified name instead of --domain/-d parameter.\n"
--msgstr ""
-+msgstr "无法打开域 %1$s 。如果域是子域(受信任的域),请使用完全限定名而不是 --domain/-d 参数。\n"
-
- #: src/tools/sss_cache.c:909
- msgid "Could not open available domains\n"
--msgstr ""
-+msgstr "无法打开可用域\n"
-
- #: src/tools/tools_util.c:202
- #, c-format
- msgid "Name '%1$s' does not seem to be FQDN ('%2$s = TRUE' is set)\n"
--msgstr ""
-+msgstr "名称 '%1$s' 似乎不是 FQDN(设置了 '%2$s =TRUE‘)\n"
-
- #: src/tools/tools_util.c:309
- msgid "Out of memory\n"
--msgstr ""
-+msgstr "无可用内存\n"
-
- #: src/tools/tools_util.h:40
- #, c-format
- msgid "%1$s must be run as root\n"
--msgstr ""
-+msgstr "%1$s 必须以 root 运行\n"
-
- #: src/tools/sssctl/sssctl.c:35
- msgid "yes"
--msgstr ""
-+msgstr "是"
-
- #: src/tools/sssctl/sssctl.c:37
- msgid "no"
--msgstr ""
-+msgstr "否"
-
- #: src/tools/sssctl/sssctl.c:39
- msgid "error"
--msgstr ""
-+msgstr "错误"
-
- #: src/tools/sssctl/sssctl.c:42
- msgid "Invalid result."
--msgstr ""
-+msgstr "结果无效。"
-
- #: src/tools/sssctl/sssctl.c:78
- msgid "Unable to read user input\n"
--msgstr ""
-+msgstr "无法读取用户输入\n"
-
- #: src/tools/sssctl/sssctl.c:91
- #, c-format
- msgid "Invalid input, please provide either '%s' or '%s'.\n"
--msgstr ""
-+msgstr "无效输入,请提供 '%s' 或 '%s'。\n"
-
- #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
- msgid "Error while executing external command\n"
--msgstr ""
-+msgstr "执行外部命令时出错\n"
-
- #: src/tools/sssctl/sssctl.c:156
- msgid "SSSD needs to be running. Start SSSD now?"
--msgstr ""
-+msgstr "需要运行 SSSD。现在启动 SSSD?"
-
- #: src/tools/sssctl/sssctl.c:195
- msgid "SSSD must not be running. Stop SSSD now?"
--msgstr ""
-+msgstr "SSSD 不能运行。现在停止 SSSD?"
-
- #: src/tools/sssctl/sssctl.c:231
- msgid "SSSD needs to be restarted. Restart SSSD now?"
--msgstr ""
-+msgstr "需要重新运行 SSSD。现在重新运行 SSSD?"
-
- #: src/tools/sssctl/sssctl_cache.c:31
- #, c-format
- msgid " %s is not present in cache.\n"
--msgstr ""
-+msgstr " %s 没有存在于缓存中。\n"
-
- #: src/tools/sssctl/sssctl_cache.c:33
- msgid "Name"
--msgstr ""
-+msgstr "名称"
-
- #: src/tools/sssctl/sssctl_cache.c:34
- msgid "Cache entry creation date"
--msgstr ""
-+msgstr "缓存条目创建日期"
-
- #: src/tools/sssctl/sssctl_cache.c:35
- msgid "Cache entry last update time"
--msgstr ""
-+msgstr "缓存条目最新更新的时间"
-
- #: src/tools/sssctl/sssctl_cache.c:36
- msgid "Cache entry expiration time"
--msgstr ""
-+msgstr "缓存条目过期的时间"
-
- #: src/tools/sssctl/sssctl_cache.c:37
- msgid "Cached in InfoPipe"
--msgstr ""
-+msgstr "在 InfoPipe 中缓存"
-
- #: src/tools/sssctl/sssctl_cache.c:522
- #, c-format
- msgid "Error: Unable to get object [%d]: %s\n"
--msgstr ""
-+msgstr "错误:无法获得对象 [%d]: %s\n"
-
- #: src/tools/sssctl/sssctl_cache.c:538
- #, c-format
- msgid "%s: Unable to read value [%d]: %s\n"
--msgstr ""
-+msgstr "%s: 无法读取值 [%d]: %s\n"
-
- #: src/tools/sssctl/sssctl_cache.c:566
- msgid "Specify name."
--msgstr ""
-+msgstr "指定名称。"
-
- #: src/tools/sssctl/sssctl_cache.c:576
- #, c-format
- msgid "Unable to parse name %s.\n"
--msgstr ""
-+msgstr "无法解析名称 %s 。\n"
-
- #: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
- msgid "Search by SID"
--msgstr ""
-+msgstr "使用 SID 搜索"
-
- #: src/tools/sssctl/sssctl_cache.c:603
- msgid "Search by user ID"
--msgstr ""
-+msgstr "使用用户 ID 搜索"
-
- #: src/tools/sssctl/sssctl_cache.c:612
- msgid "Initgroups expiration time"
--msgstr ""
-+msgstr "Initgroups 过期时间"
-
- #: src/tools/sssctl/sssctl_cache.c:650
- msgid "Search by group ID"
--msgstr ""
-+msgstr "使用组 ID 搜索"
-
--#: src/tools/sssctl/sssctl_config.c:70
-+#: src/tools/sssctl/sssctl_config.c:112
- #, c-format
- msgid "Failed to open %s\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:75
-+#: src/tools/sssctl/sssctl_config.c:117
- #, c-format
- msgid "File %1$s does not exist.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:79
-+#: src/tools/sssctl/sssctl_config.c:121
- msgid ""
- "File ownership and permissions check failed. Expected root:root and 0600.\n"
--msgstr ""
-+msgstr "文件所有权和权限检查失败。预期的是 root:root 和 0600。\n"
-
--#: src/tools/sssctl/sssctl_config.c:85
-+#: src/tools/sssctl/sssctl_config.c:127
- #, c-format
- msgid "Failed to load configuration from %s.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:91
-+#: src/tools/sssctl/sssctl_config.c:133
- msgid "Error while reading configuration directory.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:99
-+#: src/tools/sssctl/sssctl_config.c:141
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:111
-+#: src/tools/sssctl/sssctl_config.c:153
- msgid "Failed to run validators"
- msgstr ""
-
--#: src/tools/sssctl/sssctl_config.c:115
-+#: src/tools/sssctl/sssctl_config.c:157
- #, c-format
- msgid "Issues identified by validators: %zu\n"
--msgstr ""
-+msgstr "验证者发现了问题: %zu\n"
-
--#: src/tools/sssctl/sssctl_config.c:126
-+#: src/tools/sssctl/sssctl_config.c:168
- #, c-format
- msgid "Messages generated during configuration merging: %zu\n"
--msgstr ""
-+msgstr "配置合并期间生成的消息: %zu\n"
-
--#: src/tools/sssctl/sssctl_config.c:137
-+#: src/tools/sssctl/sssctl_config.c:179
- #, c-format
- msgid "Used configuration snippet files: %zu\n"
- msgstr ""
-@@ -956,76 +2760,76 @@ msgstr ""
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
- msgid "Unable to create backup directory [%d]: %s"
--msgstr ""
-+msgstr "无法创建备份目录 [%d]: %s"
-
- #: src/tools/sssctl/sssctl_data.c:95
- msgid "SSSD backup of local data already exists, override?"
--msgstr ""
-+msgstr "SSSD 本地数据备份已经存在,可以覆盖吗?"
-
- #: src/tools/sssctl/sssctl_data.c:111
- msgid "Unable to export user overrides\n"
--msgstr ""
-+msgstr "无法导出用户覆盖\n"
-
- #: src/tools/sssctl/sssctl_data.c:118
- msgid "Unable to export group overrides\n"
--msgstr ""
-+msgstr "无法导出组覆盖\n"
-
- #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
- msgid "Override existing backup"
--msgstr ""
-+msgstr "覆盖现有的备份"
-
- #: src/tools/sssctl/sssctl_data.c:164
- msgid "Unable to import user overrides\n"
--msgstr ""
-+msgstr "无法导入用户覆盖\n"
-
- #: src/tools/sssctl/sssctl_data.c:173
- msgid "Unable to import group overrides\n"
--msgstr ""
-+msgstr "无法导入组覆盖\n"
-
- #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
- #: src/tools/sssctl/sssctl_domains.c:328
- msgid "Start SSSD if it is not running"
--msgstr ""
-+msgstr "如果未运行,启动 SSSD"
-
- #: src/tools/sssctl/sssctl_data.c:195
- msgid "Restart SSSD after data import"
--msgstr ""
-+msgstr "数据导入后重新启动 SSSD"
-
- #: src/tools/sssctl/sssctl_data.c:218
- msgid "Create clean cache files and import local data"
--msgstr ""
-+msgstr "创建干净的缓存文件并导入本地数据"
-
- #: src/tools/sssctl/sssctl_data.c:219
- msgid "Stop SSSD before removing the cache"
--msgstr ""
-+msgstr "在删除缓存之前停止 SSSD"
-
- #: src/tools/sssctl/sssctl_data.c:220
- msgid "Start SSSD when the cache is removed"
--msgstr ""
-+msgstr "删除缓存后启动 SSSD"
-
- #: src/tools/sssctl/sssctl_data.c:235
- msgid "Creating backup of local data...\n"
--msgstr ""
-+msgstr "正在创建本地数据备份...\n"
-
- #: src/tools/sssctl/sssctl_data.c:238
- msgid "Unable to create backup of local data, can not remove the cache.\n"
--msgstr ""
-+msgstr "无法创建本地数据备份,无法删除缓存。\n"
-
- #: src/tools/sssctl/sssctl_data.c:243
- msgid "Removing cache files...\n"
--msgstr ""
-+msgstr "删除缓存文件...\n"
-
- #: src/tools/sssctl/sssctl_data.c:246
- msgid "Unable to remove cache files\n"
--msgstr ""
-+msgstr "无法删除缓存文件\n"
-
- #: src/tools/sssctl/sssctl_data.c:251
- msgid "Restoring local data...\n"
--msgstr ""
-+msgstr "恢复本地数据...\n"
-
- #: src/tools/sssctl/sssctl_domains.c:83
- msgid "Show domain list including primary or trusted domain type"
--msgstr ""
-+msgstr "显示域列表,包括主要或受信任的域类型"
-
- #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
- #: src/tools/sssctl/sssctl_user_checks.c:95
-@@ -1034,16 +2838,16 @@ msgstr ""
-
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Online"
--msgstr ""
-+msgstr "在线"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Offline"
--msgstr ""
-+msgstr "离线"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- #, c-format
- msgid "Online status: %s\n"
--msgstr ""
-+msgstr "在线状态: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
- msgid "This domain has no active servers.\n"
-@@ -1051,11 +2855,11 @@ msgstr ""
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
--msgstr ""
-+msgstr "活动服务器:\n"
-
- #: src/tools/sssctl/sssctl_domains.c:230
- msgid "not connected"
--msgstr ""
-+msgstr "未连接"
-
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
-@@ -1064,307 +2868,285 @@ msgstr ""
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
- msgid "Discovered %s servers:\n"
--msgstr ""
-+msgstr "发现的 %s 服务器:\n"
-
- #: src/tools/sssctl/sssctl_domains.c:285
- msgid "None so far.\n"
--msgstr ""
-+msgstr "到目前为止没有。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:325
- msgid "Show online status"
--msgstr ""
-+msgstr "显示在线状态"
-
- #: src/tools/sssctl/sssctl_domains.c:326
- msgid "Show information about active server"
--msgstr ""
-+msgstr "显示有关活动服务器的信息"
-
- #: src/tools/sssctl/sssctl_domains.c:327
- msgid "Show list of discovered servers"
--msgstr ""
-+msgstr "显示发现的服务器列表"
-
- #: src/tools/sssctl/sssctl_domains.c:333
- msgid "Specify domain name."
--msgstr ""
-+msgstr "指定域名。"
-
- #: src/tools/sssctl/sssctl_domains.c:355
- msgid "Out of memory!\n"
--msgstr ""
-+msgstr "无可用的内存!\n"
-
- #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
- msgid "Unable to get online status\n"
--msgstr ""
-+msgstr "无法获得在线状态\n"
-
- #: src/tools/sssctl/sssctl_domains.c:395
- msgid "Unable to get server list\n"
--msgstr ""
-+msgstr "无法获取服务器列表\n"
-
- #: src/tools/sssctl/sssctl_logs.c:46
- msgid "\n"
--msgstr ""
-+msgstr "\n"
-
- #: src/tools/sssctl/sssctl_logs.c:236
- msgid "Delete log files instead of truncating"
--msgstr ""
-+msgstr "删除日志文件而不是截断"
-
- #: src/tools/sssctl/sssctl_logs.c:247
- msgid "Deleting log files...\n"
--msgstr ""
-+msgstr "删除日志文件...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:250
- msgid "Unable to remove log files\n"
--msgstr ""
-+msgstr "无法删除日志文件\n"
-
- #: src/tools/sssctl/sssctl_logs.c:256
- msgid "Truncating log files...\n"
--msgstr ""
-+msgstr "截断日志文件...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:259
- msgid "Unable to truncate log files\n"
--msgstr ""
-+msgstr "无法截断日志文件\n"
-
- #: src/tools/sssctl/sssctl_logs.c:285
- msgid "Out of memory!"
--msgstr ""
-+msgstr "无可用的内存!"
-
- #: src/tools/sssctl/sssctl_logs.c:288
- #, c-format
- msgid "Archiving log files into %s...\n"
--msgstr ""
-+msgstr "将日志文件归档到 %s ...\n"
-
- #: src/tools/sssctl/sssctl_logs.c:291
- msgid "Unable to archive log files\n"
--msgstr ""
-+msgstr "无法归档日志文件\n"
-
- #: src/tools/sssctl/sssctl_logs.c:316
- msgid "Specify debug level you want to set"
--msgstr ""
-+msgstr "指定要设置的调试级别"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
--msgstr ""
-+msgstr "SSSD InfoPipe 用户查找结果:\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:167
- #, c-format
- msgid "dlopen failed with [%s].\n"
--msgstr ""
-+msgstr "dlopen 失败 [%s]。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:174
- #, c-format
- msgid "dlsym failed with [%s].\n"
--msgstr ""
-+msgstr "dlsym 失败 [%s]。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:182
- msgid "malloc failed.\n"
--msgstr ""
-+msgstr "malloc 失败。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:189
- #, c-format
- msgid "sss_getpwnam_r failed with [%d].\n"
--msgstr ""
-+msgstr "sss_getpwnam_r 失败 [%d]。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:194
- msgid "SSSD nss user lookup result:\n"
--msgstr ""
-+msgstr "SSSD nss 用户查找结果:\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:195
- #, c-format
- msgid " - user name: %s\n"
--msgstr ""
-+msgstr " - 用户名 : %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:196
- #, c-format
- msgid " - user id: %d\n"
--msgstr ""
-+msgstr " - 用户 id: %d\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:197
- #, c-format
- msgid " - group id: %d\n"
--msgstr ""
-+msgstr " - 组 id: %d\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:198
- #, c-format
- msgid " - gecos: %s\n"
--msgstr ""
-+msgstr " - gecos: %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:199
- #, c-format
- msgid " - home directory: %s\n"
--msgstr ""
-+msgstr " - 家目录 : %s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:200
- #, c-format
--msgid ""
--" - shell: %s\n"
-+msgid " - shell: %s\n"
-+"\n"
-+msgstr " - shell: %s\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:232
- msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
--msgstr ""
-+msgstr "PAM 操作 [auth|acct|setc|chau|open|clos],默认:"
-
- #: src/tools/sssctl/sssctl_user_checks.c:235
- msgid "PAM service, default: "
--msgstr ""
-+msgstr "PAM 服务,默认:"
-
- #: src/tools/sssctl/sssctl_user_checks.c:240
- msgid "Specify user name."
--msgstr ""
-+msgstr "指定用户名。"
-
- #: src/tools/sssctl/sssctl_user_checks.c:247
- #, c-format
--msgid ""
--"user: %s\n"
-+msgid "user: %s\n"
- "action: %s\n"
- "service: %s\n"
- "\n"
--msgstr ""
-+msgstr "用户:%s\n"
-+"操作:%s\n"
-+"服务:%s\n"
-+"\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:252
- #, c-format
- msgid "User name lookup with [%s] failed.\n"
--msgstr ""
-+msgstr "使用 [%s] 进行用户名查找失败。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:257
- #, c-format
- msgid "InfoPipe User lookup with [%s] failed.\n"
--msgstr ""
-+msgstr "使用 [%s] 进行 InfoPipe 用户查找失败。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:263
- #, c-format
- msgid "pam_start failed: %s\n"
--msgstr ""
-+msgstr "pam_start 失败:%s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:268
--msgid ""
--"testing pam_authenticate\n"
-+msgid "testing pam_authenticate\n"
-+"\n"
-+msgstr "testing pam_authenticate\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:272
- #, c-format
- msgid "pam_get_item failed: %s\n"
--msgstr ""
-+msgstr "pam_get_item 失败:%s\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:275
- #, c-format
--msgid ""
--"pam_authenticate for user [%s]: %s\n"
-+msgid "pam_authenticate for user [%s]: %s\n"
-+"\n"
-+msgstr "pam_authenticate 用户 [%s]: %s\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:278
--msgid ""
--"testing pam_chauthtok\n"
-+msgid "testing pam_chauthtok\n"
-+"\n"
-+msgstr "testing pam_chauthtok\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:280
- #, c-format
--msgid ""
--"pam_chauthtok: %s\n"
-+msgid "pam_chauthtok: %s\n"
-+"\n"
-+msgstr "pam_chauthtok: %s\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:282
--msgid ""
--"testing pam_acct_mgmt\n"
-+msgid "testing pam_acct_mgmt\n"
-+"\n"
-+msgstr "测试 pam_acct_mgmt\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:284
- #, c-format
--msgid ""
--"pam_acct_mgmt: %s\n"
-+msgid "pam_acct_mgmt: %s\n"
-+"\n"
-+msgstr "pam_acct_mgmt: %s\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:286
--msgid ""
--"testing pam_setcred\n"
-+msgid "testing pam_setcred\n"
-+"\n"
-+msgstr "测试 pam_setcred\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:288
- #, c-format
--msgid ""
--"pam_setcred: [%s]\n"
-+msgid "pam_setcred: [%s]\n"
-+"\n"
-+msgstr "pam_setcred: [%s]\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:290
--msgid ""
--"testing pam_open_session\n"
-+msgid "testing pam_open_session\n"
-+"\n"
-+msgstr "测试 pam_open_session\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:292
- #, c-format
--msgid ""
--"pam_open_session: %s\n"
-+msgid "pam_open_session: %s\n"
-+"\n"
-+msgstr "pam_open_session: %s\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:294
--msgid ""
--"testing pam_close_session\n"
-+msgid "testing pam_close_session\n"
-+"\n"
-+msgstr "testing pam_close_session\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:296
- #, c-format
--msgid ""
--"pam_close_session: %s\n"
-+msgid "pam_close_session: %s\n"
-+"\n"
-+msgstr "pam_close_session: %s\n"
- "\n"
--msgstr ""
-
- #: src/tools/sssctl/sssctl_user_checks.c:298
- msgid "unknown action\n"
--msgstr ""
-+msgstr "未知操作\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:301
- msgid "PAM Environment:\n"
--msgstr ""
-+msgstr "PAM 环境:\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:309
- msgid " - no env -\n"
--msgstr ""
-+msgstr " -没有环境-\n"
-
- #: src/util/util.h:82
- msgid "The user ID to run the server as"
--msgstr ""
-+msgstr "运行服务器的用户 ID"
-
- #: src/util/util.h:84
- msgid "The group ID to run the server as"
--msgstr ""
-+msgstr "运行服务器的组 ID"
-
- #: src/util/util.h:92
- msgid "Informs that the responder has been socket-activated"
--msgstr ""
-+msgstr "通知响应者已被套接字激活"
-
- #: src/util/util.h:94
- msgid "Informs that the responder has been dbus-activated"
--msgstr ""
--
--#~ msgid "Set the verbosity of the debug logging"
--#~ msgstr "设定调试日志记录等级"
--
--#~ msgid "Include timestamps in debug logs"
--#~ msgstr "在调试日志中包含时间戳"
--
--#~ msgid "Write debug messages to logfiles"
--#~ msgstr "写入调试信息到日志文件"
--
--#~ msgid "Command to start service"
--#~ msgstr "启动服务命令"
--
--#~ msgid "IPA server address"
--#~ msgstr "IPA 服务器地址"
--
--#~ msgid "Address of backup IPA server"
--#~ msgstr "IPA 备份服务器地址"
--
--#~ msgid "Kerberos server address"
--#~ msgstr "Kerberos 服务器地址"
--
--#~ msgid "Authentication timeout"
--#~ msgstr "验证超时"
-+msgstr "通知响应者已被 dbus 激活"
---
-2.21.3
-
diff --git a/SOURCES/0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch b/SOURCES/0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch
deleted file mode 100644
index 81d4709..0000000
--- a/SOURCES/0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch
+++ /dev/null
@@ -1,1537 +0,0 @@
-From 7de6754738f61080b3520c4c7add6d627877eb27 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 24 Jul 2020 12:13:39 +0200
-Subject: [PATCH] Updated translation files: Japanese, Chinese (China), French
-
----
- po/fr.po | 152 +++++++++++++++++++++++++++++++++++-----------
- po/ja.po | 124 +++++++++++++++++++++-----------------
- po/zh_CN.po | 170 +++++++++++++++++++++++++++-------------------------
- 3 files changed, 277 insertions(+), 169 deletions(-)
-
-diff --git a/po/fr.po b/po/fr.po
-index 198c757e8..6119909e9 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -1,13 +1,12 @@
- # SOME DESCRIPTIVE TITLE.
- # Copyright (C) YEAR Red Hat, Inc.
- # This file is distributed under the same license as the PACKAGE package.
--#
-+#
- # Translators:
- # Fabien Archambault <marbolangos@gmail.com>, 2012
- # Jérôme Fenal <jfenal@gmail.com>, 2012-2014
- # Fabien Archambault <marbolangos@gmail.com>, 2012
- # Mariko Vincent <dweu60@gmail.com>, 2012
--# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
- # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
- # Ludek Janda <ljanda@redhat.com>, 2020. #zanata
- # Pavel Brezina <pbrezina@redhat.com>, 2020. #zanata
-@@ -19,8 +18,8 @@ msgstr ""
- "MIME-Version: 1.0\n"
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
--"PO-Revision-Date: 2020-05-19 10:07+0000\n"
--"Last-Translator: Pavel Brezina <pbrezina@redhat.com>\n"
-+"PO-Revision-Date: 2020-07-22 07:46-0400\n"
-+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/fr/"
- ")\n"
- "Language: fr\n"
-@@ -84,12 +83,18 @@ msgid ""
- "is in seconds and calculated by the following: offline_timeout + "
- "random_offset."
- msgstr ""
-+"Lorsque le SSSD passe en mode hors ligne, le temps qui s’écoule avant qu'il "
-+"ne tente de se reconnecter augmente en fonction du temps passé hors ligne. "
-+"Cette valeur est exprimée en secondes et calculée comme suit : "
-+"offline_timeout + random_offset."
-
- #: src/config/SSSDConfig/sssdoptions.py:38
- msgid ""
- "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
- "version 2."
- msgstr ""
-+"Indique la syntaxe du fichier de configuration. Pour SSSD 0.6.0 ou "
-+"supérieure utiliser la version 2."
-
- #: src/config/SSSDConfig/sssdoptions.py:39
- msgid "SSSD Services to start"
-@@ -154,6 +159,8 @@ msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
- msgstr ""
-+"Contrôle si le SSSD doit surveiller l'état de resolv.conf pour identifier "
-+"quand il doit mettre à jour son résolveur DNS interne."
-
- #: src/config/SSSDConfig/sssdoptions.py:54
- msgid ""
-@@ -162,6 +169,10 @@ msgid ""
- "this, and will fall back to polling resolv.conf every five seconds if "
- "inotify cannot be used."
- msgstr ""
-+"Le SSSD surveille l'état de resolv.conf afin d'identifier quand il doit "
-+"mettre à jour son résolveur DNS interne. Par défaut, nous essaierons "
-+"d'utiliser inotify pour cela, et par défaut, resolv.conf sera interrogé "
-+"toutes les cinq secondes si inotify ne peut pas être utilisé."
-
- #: src/config/SSSDConfig/sssdoptions.py:59
- msgid "Enumeration cache timeout length (seconds)"
-@@ -250,12 +261,16 @@ msgid ""
- "The value of this option will be used in the expansion of the "
- "override_homedir option if the template contains the format string %H."
- msgstr ""
-+"La valeur de cette option sera utilisée dans l'extension de l'option "
-+"override_homedir si le modèle contient la chaîne de format %H."
-
- #: src/config/SSSDConfig/sssdoptions.py:77
- msgid ""
- "Specifies time in seconds for which the list of subdomains will be "
- "considered valid."
- msgstr ""
-+"Spécifie la durée en secondes pendant laquelle la liste de sous-domaines est "
-+"jugée valide."
-
- #: src/config/SSSDConfig/sssdoptions.py:79
- msgid ""
-@@ -263,6 +278,9 @@ msgid ""
- "if they are requested beyond a percentage of the entry_cache_timeout value "
- "for the domain."
- msgstr ""
-+"La valeur du cache peut être définie pour mettre à jour automatiquement les "
-+"entrées en arrière plan si la requête ne dépasse pas un pourcentage de la "
-+"valeur de entry_cache_timeout pour le domaine."
-
- #: src/config/SSSDConfig/sssdoptions.py:84
- msgid "How long to allow cached logins between online logins (days)"
-@@ -359,7 +377,7 @@ msgstr ""
-
- #: src/config/SSSDConfig/sssdoptions.py:103
- msgid "When shall the PAM responder force an initgroups request"
--msgstr ""
-+msgstr "Quand le répondeur de PAM doit-il forcer une demande d'initgroupes"
-
- #: src/config/SSSDConfig/sssdoptions.py:106
- msgid "Whether to evaluate the time-based attributes in sudo rules"
-@@ -520,6 +538,10 @@ msgid ""
- "- No users are recorded. some - Users/groups specified by users and groups "
- "options are recorded. all - All users are recorded."
- msgstr ""
-+"Une des chaînes suivantes spécifiant l'étendue de l'enregistrement de la "
-+"session : none - Aucun utilisateur n'est enregistré. some - Les utilisateurs/"
-+"groupes spécifiés par les options des utilisateurs et des groupes sont "
-+"enregistrés. all - Tous les utilisateurs sont enregistrés."
-
- #: src/config/SSSDConfig/sssdoptions.py:157
- msgid ""
-@@ -527,6 +549,10 @@ msgid ""
- "Matches user names as returned by NSS. I.e. after the possible space "
- "replacement, case changes, etc."
- msgstr ""
-+"Une liste d'utilisateurs, séparés par des virgules, dont l'enregistrement de "
-+"session devrait être activé. Correspond aux noms d'utilisateurs renvoyés par "
-+"le NSS. C'est-à-dire après le remplacement éventuel de l'espace, les "
-+"changements de casse, etc."
-
- #: src/config/SSSDConfig/sssdoptions.py:159
- msgid ""
-@@ -534,6 +560,10 @@ msgid ""
- "recording enabled. Matches group names as returned by NSS. I.e. after the "
- "possible space replacement, case changes, etc."
- msgstr ""
-+"Une liste de groupes séparés par des virgules, dont les membres doivent "
-+"avoir l'enregistrement de session activé. Correspond aux noms des groupes "
-+"renvoyés par le NSS, c-à-d après le remplacement éventuel de l'espace, les "
-+"changements de cas, etc."
-
- #: src/config/SSSDConfig/sssdoptions.py:164
- msgid "Identity provider"
-@@ -573,7 +603,7 @@ msgstr "Fournisseur de gestion de session"
-
- #: src/config/SSSDConfig/sssdoptions.py:173
- msgid "Resolver provider"
--msgstr ""
-+msgstr "Fournisseur de résolveurs"
-
- #: src/config/SSSDConfig/sssdoptions.py:176
- msgid "Whether the domain is usable by the OS or by applications"
-@@ -733,24 +763,30 @@ msgstr ""
-
- #: src/config/SSSDConfig/sssdoptions.py:215
- msgid "Display a warning N days before the password expires."
--msgstr ""
-+msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
-
- #: src/config/SSSDConfig/sssdoptions.py:216
- msgid ""
- "Various tags stored by the realmd configuration service for this domain."
- msgstr ""
-+"Étiquettes diverses stockées par le service de configuration de realmd pour "
-+"ce domaine."
-
- #: src/config/SSSDConfig/sssdoptions.py:217
- msgid ""
- "The provider which should handle fetching of subdomains. This value should "
- "be always the same as id_provider."
- msgstr ""
-+"Le fournisseur doit être capable de gérer la récupération des sous-domaines. "
-+"Cette valeur doit être toujours identique à id_provider."
-
- #: src/config/SSSDConfig/sssdoptions.py:219
- msgid ""
- "How many seconds to keep a host ssh key after refresh. IE how long to cache "
- "the host key for."
- msgstr ""
-+"La durée en secondes pendant laquelle conserver une clé ssh d'hôte après "
-+"rafraichissement. I.e. combien de temps mettre la clé en cache."
-
- #: src/config/SSSDConfig/sssdoptions.py:221
- msgid ""
-@@ -758,6 +794,11 @@ msgid ""
- "this value determines the minimal length the first authentication factor "
- "(long term password) must have to be saved as SHA512 hash into the cache."
- msgstr ""
-+"Si l'authentification à 2 facteurs (2FA) est utilisée et que les "
-+"informations d'identification sont sauvegardées, cette valeur détermine la "
-+"longueur minimale à laquelle le premier facteur d'authentification (mot de "
-+"passe à long terme) doit être sauvegardé en tant que hachage SHA512 dans le "
-+"cache."
-
- #: src/config/SSSDConfig/sssdoptions.py:227
- msgid "IPA domain"
-@@ -871,116 +912,140 @@ msgstr ""
-
- #: src/config/SSSDConfig/sssdoptions.py:256
- msgid "The LDAP attribute that contains FQDN of the host."
--msgstr ""
-+msgstr "L'attribut LDAP qui contient le FQDN de l'hôte."
-
- #: src/config/SSSDConfig/sssdoptions.py:257
- #: src/config/SSSDConfig/sssdoptions.py:280
- msgid "The object class of a host entry in LDAP."
--msgstr ""
-+msgstr "La classe d'objet d'une entrée utilisateur dans LDAP."
-
- #: src/config/SSSDConfig/sssdoptions.py:258
- msgid "Use the given string as search base for host objects."
- msgstr ""
-+"Utiliser la chaîne donnée comme base de recherche pour héberger des objets."
-
- #: src/config/SSSDConfig/sssdoptions.py:259
- msgid "The LDAP attribute that contains the host's SSH public keys."
--msgstr ""
-+msgstr "L'attribut LDAP qui contient les clés publiques SSH de l'hôte."
-
- #: src/config/SSSDConfig/sssdoptions.py:260
- msgid "The LDAP attribute that contains NIS domain name of the netgroup."
--msgstr ""
-+msgstr "L'attribut LDAP qui contient le nom de domaine NIS du netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:261
- msgid "The LDAP attribute that contains the names of the netgroup's members."
--msgstr ""
-+msgstr "L'attribut LDAP contenant les noms des membres du netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:262
- msgid ""
- "The LDAP attribute that lists FQDNs of hosts and host groups that are "
- "members of the netgroup."
- msgstr ""
-+"L'attribut LDAP qui répertorie les FQDN des hôtes et des groupes d'hôtes qui "
-+"sont membres du netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:264
- msgid ""
- "The LDAP attribute that lists hosts and host groups that are direct members "
- "of the netgroup."
- msgstr ""
-+"L'attribut LDAP qui répertorie les hôtes et les groupes d'hôtes qui sont des "
-+"membres directs du netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:266
- msgid "The LDAP attribute that lists netgroup's memberships."
--msgstr ""
-+msgstr "L'attribut LDAP qui répertorie les adhésions au netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:267
- msgid ""
- "The LDAP attribute that lists system users and groups that are direct "
- "members of the netgroup."
- msgstr ""
-+"L'attribut LDAP qui répertorie les utilisateurs du système et les groupes "
-+"qui sont des membres directs du netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:269
- msgid "The LDAP attribute that corresponds to the netgroup name."
--msgstr ""
-+msgstr "L'attribut LDAP correspondant au nom du netgroup."
-
- #: src/config/SSSDConfig/sssdoptions.py:270
- msgid "The object class of a netgroup entry in LDAP."
--msgstr ""
-+msgstr "La classe d'objet d'une entrée de netgroup dans LDAP."
-
- #: src/config/SSSDConfig/sssdoptions.py:271
- msgid ""
- "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
--msgstr ""
-+msgstr "L'attribut LDAP qui contient l'UUID/GUID d'un objet de netgroup LDAP."
-
- #: src/config/SSSDConfig/sssdoptions.py:272
- msgid ""
- "The LDAP attribute that contains whether or not is user map enabled for "
- "usage."
- msgstr ""
-+"L'attribut LDAP qui contient l’information de savoir si la carte "
-+"d'utilisateur est activée ou non pour l'utilisation."
-
- #: src/config/SSSDConfig/sssdoptions.py:274
- msgid "The LDAP attribute that contains host category such as 'all'."
--msgstr ""
-+msgstr "L'attribut LDAP qui contient la catégorie d'hôte telle que \"all\"."
-
- #: src/config/SSSDConfig/sssdoptions.py:275
- msgid ""
- "The LDAP attribute that contains all hosts / hostgroups this rule match "
- "against."
- msgstr ""
-+"L'attribut LDAP qui contient tous les hôtes / groupes d'hôtes auxquels cette "
-+"règle correspond."
-
- #: src/config/SSSDConfig/sssdoptions.py:277
- msgid ""
- "The LDAP attribute that contains all users / groups this rule match against."
- msgstr ""
-+"L'attribut LDAP qui contient tous les utilisateurs / groupes auxquels cette "
-+"règle correspond."
-
- #: src/config/SSSDConfig/sssdoptions.py:279
- msgid "The LDAP attribute that contains the name of SELinux usermap."
- msgstr ""
-+"L'attribut LDAP qui contient le nom de la carte d'utilisateur SELinux."
-
- #: src/config/SSSDConfig/sssdoptions.py:281
- msgid ""
- "The LDAP attribute that contains DN of HBAC rule which can be used for "
- "matching instead of memberUser and memberHost."
- msgstr ""
-+"L'attribut LDAP qui contient le DN de la règle HBAC qui peut être utilisé "
-+"pour la correspondance au lieu de memberUser et memberHost."
-
- #: src/config/SSSDConfig/sssdoptions.py:283
- msgid "The LDAP attribute that contains SELinux user string itself."
- msgstr ""
-+"L'attribut LDAP qui contient la chaîne d'utilisateur SELinux elle-même."
-
- #: src/config/SSSDConfig/sssdoptions.py:284
- msgid "The LDAP attribute that contains user category such as 'all'."
- msgstr ""
-+"L'attribut LDAP qui contient la catégorie d'utilisateur telle que \"all\"."
-
- #: src/config/SSSDConfig/sssdoptions.py:285
- msgid "The LDAP attribute that contains unique ID of the user map."
- msgstr ""
-+"L'attribut LDAP qui contient l'ID unique de la carte de l'utilisateur."
-
- #: src/config/SSSDConfig/sssdoptions.py:286
- msgid ""
- "The option denotes that the SSSD is running on IPA server and should perform "
- "lookups of users and groups from trusted domains differently."
- msgstr ""
-+"L'option indique que le SSSD fonctionne sur le serveur IPA et qu’il doit "
-+"effectuer différemment les recherches des utilisateurs et des groupes des "
-+"domaines approuvés."
-
- #: src/config/SSSDConfig/sssdoptions.py:288
- msgid "Use the given string as search base for trusted domains."
- msgstr ""
-+"Utiliser la chaîne donnée comme base de recherche pour les domaines "
-+"approuvés."
-
- #: src/config/SSSDConfig/sssdoptions.py:291
- msgid "Active Directory domain"
-@@ -1099,6 +1164,8 @@ msgstr "Option de réglage de la tâche de renouvellement du compte machine"
- #: src/config/SSSDConfig/sssdoptions.py:315
- msgid "Whether to update the machine account password in the Samba database"
- msgstr ""
-+"Indique s'il faut mettre à jour le mot de passe du compte de la machine dans "
-+"la base de données Samba"
-
- #: src/config/SSSDConfig/sssdoptions.py:317
- msgid "Use LDAPS port for LDAP and Global Catalog requests"
-@@ -1330,6 +1397,8 @@ msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
-+"Permet de conserver les utilisateurs locaux en tant que membres d'un groupe "
-+"LDAP pour les serveurs qui utilisent le schéma RFC2307."
-
- #: src/config/SSSDConfig/sssdoptions.py:384
- msgid "entryUSN attribute"
-@@ -1596,11 +1665,11 @@ msgstr "Le niveau d'imbrication maximal du SSSD suivra"
-
- #: src/config/SSSDConfig/sssdoptions.py:454
- msgid "Filter for group lookups"
--msgstr ""
-+msgstr "Filtre pour les recherches de groupes"
-
- #: src/config/SSSDConfig/sssdoptions.py:455
- msgid "Scope of group lookups"
--msgstr ""
-+msgstr "Portée des recherches de groupe"
-
- #: src/config/SSSDConfig/sssdoptions.py:457
- msgid "Base DN for netgroup lookups"
-@@ -1853,47 +1922,47 @@ msgstr "Base DN pour les requêtes de carte de montage automatique"
-
- #: src/config/SSSDConfig/sssdoptions.py:529
- msgid "The name of the automount master map in LDAP."
--msgstr ""
-+msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
-
- #: src/config/SSSDConfig/sssdoptions.py:532
- msgid "Base DN for IP hosts lookups"
--msgstr ""
-+msgstr "DN de base pour la recherche d'hôtes IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:533
- msgid "Object class for IP hosts"
--msgstr ""
-+msgstr "Classe d'objet pour les hôtes IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:534
- msgid "IP host name attribute"
--msgstr ""
-+msgstr "Attribut du nom d'hôte IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:535
- msgid "IP host number (address) attribute"
--msgstr ""
-+msgstr "Attribut (adresse) du numéro d'hôte IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:536
- msgid "IP host entryUSN attribute"
--msgstr ""
-+msgstr "Attribut entryUSN d’hôte IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:537
- msgid "Base DN for IP networks lookups"
--msgstr ""
-+msgstr "DN de base pour la recherche de réseaux IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:538
- msgid "Object class for IP networks"
--msgstr ""
-+msgstr "Classe d'objets pour les réseaux IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:539
- msgid "IP network name attribute"
--msgstr ""
-+msgstr "Attribut du nom du réseau IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:540
- msgid "IP network number (address) attribute"
--msgstr ""
-+msgstr "Attribut (adresse) du numéro de réseau IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:541
- msgid "IP network entryUSN attribute"
--msgstr ""
-+msgstr "Attribut entryUSN de réseau IP"
-
- #: src/config/SSSDConfig/sssdoptions.py:544
- msgid "Comma separated list of allowed users"
-@@ -1908,6 +1977,9 @@ msgid ""
- "Comma separated list of groups that are allowed to log in. This applies only "
- "to groups within this SSSD domain. Local groups are not evaluated."
- msgstr ""
-+"Liste séparée par des virgules de groupes autorisés à se connecter. Ceci ne "
-+"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont "
-+"pas pris en compte."
-
- #: src/config/SSSDConfig/sssdoptions.py:548
- msgid ""
-@@ -1915,6 +1987,9 @@ msgid ""
- "applies only to groups within this SSSD domain. Local groups are not "
- "evaluated."
- msgstr ""
-+"Liste séparée par des virgules de groupes dont l'accès sera refusé. Ceci ne "
-+"s'applique qu'à des groupes dans un domaine SSSD. Les groupes locaux ne sont "
-+"pas pris en compte."
-
- #: src/config/SSSDConfig/sssdoptions.py:552
- msgid "Base for home directories"
-@@ -1923,26 +1998,32 @@ msgstr "Base pour les répertoires utilisateur"
- #: src/config/SSSDConfig/sssdoptions.py:553
- msgid "Indicate if a home directory should be created for new users."
- msgstr ""
-+"Indiquez si un répertoire d'accueil doit être créé pour les nouveaux "
-+"utilisateurs."
-
- #: src/config/SSSDConfig/sssdoptions.py:554
- msgid "Indicate if a home directory should be removed for deleted users."
- msgstr ""
-+"Indiquez si un répertoire d’accueil doit être supprimé pour les utilisateurs "
-+"supprimés."
-
- #: src/config/SSSDConfig/sssdoptions.py:555
- msgid "Specify the default permissions on a newly created home directory."
- msgstr ""
-+"Indiquez les autorisations par défaut sur un répertoire d'accueil "
-+"nouvellement créé."
-
- #: src/config/SSSDConfig/sssdoptions.py:556
- msgid "The skeleton directory."
--msgstr ""
-+msgstr "Le répertoire skeleton."
-
- #: src/config/SSSDConfig/sssdoptions.py:557
- msgid "The mail spool directory."
--msgstr ""
-+msgstr "Le répertoire mail spool."
-
- #: src/config/SSSDConfig/sssdoptions.py:558
- msgid "The command that is run after a user is removed."
--msgstr ""
-+msgstr "La commande qui est exécutée après la suppression d'un utilisateur."
-
- #: src/config/SSSDConfig/sssdoptions.py:561
- msgid "The number of preforked proxy children."
-@@ -1955,6 +2036,8 @@ msgstr "Nom de la bibliothèque NSS à utiliser"
- #: src/config/SSSDConfig/sssdoptions.py:565
- msgid "The name of the NSS library to use for hosts and networks lookups"
- msgstr ""
-+"Le nom de la bibliothèque du NSS à utiliser pour les recherches réseaux et "
-+"hôtes"
-
- #: src/config/SSSDConfig/sssdoptions.py:566
- msgid "Whether to look up canonical group name from cache if possible"
-@@ -2934,7 +3017,7 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:127
- #, c-format
- msgid "Failed to load configuration from %s.\n"
--msgstr ""
-+msgstr "Impossible de charger la configuration à partir de %s.\n"
-
- #: src/tools/sssctl/sssctl_config.c:133
- msgid "Error while reading configuration directory.\n"
-@@ -3363,3 +3446,4 @@ msgstr "Informe que le répondeur a été activé par un socket"
- #: src/util/util.h:94
- msgid "Informs that the responder has been dbus-activated"
- msgstr "Informe que le répondeur a été activé par un dbus"
-+
-diff --git a/po/ja.po b/po/ja.po
-index a5156184c..7dc9157d3 100644
---- a/po/ja.po
-+++ b/po/ja.po
-@@ -1,7 +1,7 @@
- # SOME DESCRIPTIVE TITLE.
- # Copyright (C) YEAR Red Hat, Inc.
- # This file is distributed under the same license as the PACKAGE package.
--#
-+#
- # Translators:
- # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
- # Noriko Mizumoto <noriko.mizumoto@gmail.com>, 2016. #zanata
-@@ -16,8 +16,8 @@ msgstr ""
- "MIME-Version: 1.0\n"
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
--"PO-Revision-Date: 2020-06-18 09:13+0000\n"
--"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
-+"PO-Revision-Date: 2020-07-22 07:46-0400\n"
-+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
- "ja/)\n"
- "Language: ja\n"
-@@ -76,6 +76,9 @@ msgid ""
- "is in seconds and calculated by the following: offline_timeout + "
- "random_offset."
- msgstr ""
-+"SSSD "
-+"がオフラインモードに切り替わると、オンラインに戻ろうとするまでの時間が、切断の時間に基づいて長くなります。この値は秒単位で、offline_timeout "
-+"+ random_offset で計算されます。"
-
- #: src/config/SSSDConfig/sssdoptions.py:38
- msgid ""
-@@ -144,6 +147,7 @@ msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
- msgstr ""
-+"内部 DNS リゾルバーを更新する必要があるときを判断するために SSSD が resolv.conf の状態を監視するかどうかを制御します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:54
- msgid ""
-@@ -231,12 +235,13 @@ msgid ""
- "The value of this option will be used in the expansion of the "
- "override_homedir option if the template contains the format string %H."
- msgstr ""
-+"このオプションの値は、テンプレートに書式文字列 %H を含んでいる場合に override_homedir オプションの拡張で使用されます。"
-
- #: src/config/SSSDConfig/sssdoptions.py:77
- msgid ""
- "Specifies time in seconds for which the list of subdomains will be "
- "considered valid."
--msgstr ""
-+msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:79
- msgid ""
-@@ -326,7 +331,7 @@ msgstr "スマートカード認証向けのデバイスの選択を PKCS#11 URI
-
- #: src/config/SSSDConfig/sssdoptions.py:103
- msgid "When shall the PAM responder force an initgroups request"
--msgstr ""
-+msgstr "PAM レスポンダーが initgroups リクエストを強制するとき"
-
- #: src/config/SSSDConfig/sssdoptions.py:106
- msgid "Whether to evaluate the time-based attributes in sudo rules"
-@@ -467,6 +472,8 @@ msgid ""
- "- No users are recorded. some - Users/groups specified by users and groups "
- "options are recorded. all - All users are recorded."
- msgstr ""
-+"セッション記録の範囲を指定する以下の文字列の 1 つ: none: 記録されたユーザーはいません。some: "
-+"ユーザーとグループオプションによって指定されているユーザー/グループが記録されています。all: すべてのユーザーが記録されます。"
-
- #: src/config/SSSDConfig/sssdoptions.py:157
- msgid ""
-@@ -474,6 +481,8 @@ msgid ""
- "Matches user names as returned by NSS. I.e. after the possible space "
- "replacement, case changes, etc."
- msgstr ""
-+"セッション記録を有効にしておくべきユーザーのカンマ区切りのリストです。NSS "
-+"が返すユーザー名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
-
- #: src/config/SSSDConfig/sssdoptions.py:159
- msgid ""
-@@ -481,6 +490,8 @@ msgid ""
- "recording enabled. Matches group names as returned by NSS. I.e. after the "
- "possible space replacement, case changes, etc."
- msgstr ""
-+"セッション記録を有効にしておくべきユーザーのグループごとのカンマ区切りのリストです。NSS "
-+"が返すグループ名にマッチします。つまり、スペースの置換、大文字小文字の変更などの可能性がある場合には、その後になります。"
-
- #: src/config/SSSDConfig/sssdoptions.py:164
- msgid "Identity provider"
-@@ -520,7 +531,7 @@ msgstr "セッションマネージャーのプロバイダー"
-
- #: src/config/SSSDConfig/sssdoptions.py:173
- msgid "Resolver provider"
--msgstr ""
-+msgstr "リゾルバープロバイダ"
-
- #: src/config/SSSDConfig/sssdoptions.py:176
- msgid "Whether the domain is usable by the OS or by applications"
-@@ -665,19 +676,19 @@ msgstr "Display a warning N days before the password expires."
- #: src/config/SSSDConfig/sssdoptions.py:216
- msgid ""
- "Various tags stored by the realmd configuration service for this domain."
--msgstr ""
-+msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。"
-
- #: src/config/SSSDConfig/sssdoptions.py:217
- msgid ""
- "The provider which should handle fetching of subdomains. This value should "
- "be always the same as id_provider."
--msgstr ""
-+msgstr "サブドメインの取得を処理する必要のあるプロバイダー。この値は常に id_provider と同じでなければなりません。"
-
- #: src/config/SSSDConfig/sssdoptions.py:219
- msgid ""
- "How many seconds to keep a host ssh key after refresh. IE how long to cache "
- "the host key for."
--msgstr ""
-+msgstr "リフレッシュ後にホストの ssh 鍵を保持するには何秒かかるか。IE ホストキーを何秒キャッシュするか。"
-
- #: src/config/SSSDConfig/sssdoptions.py:221
- msgid ""
-@@ -685,6 +696,8 @@ msgid ""
- "this value determines the minimal length the first authentication factor "
- "(long term password) must have to be saved as SHA512 hash into the cache."
- msgstr ""
-+"2-Factor-Authentication (2FA) が使用され、認証情報を保存する必要がある場合、この値は、最初の認証要素 (長期パスワード) "
-+"を SHA512 ハッシュとしてキャッシュに保存する必要がある最小の長さを決定します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:227
- msgid "IPA domain"
-@@ -788,24 +801,24 @@ msgstr "最後の要求がルールを何も見つけなかった場合の IPA
-
- #: src/config/SSSDConfig/sssdoptions.py:256
- msgid "The LDAP attribute that contains FQDN of the host."
--msgstr ""
-+msgstr "ホストの FQDN を含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:257
- #: src/config/SSSDConfig/sssdoptions.py:280
- msgid "The object class of a host entry in LDAP."
--msgstr ""
-+msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
-
- #: src/config/SSSDConfig/sssdoptions.py:258
- msgid "Use the given string as search base for host objects."
--msgstr ""
-+msgstr "ホストオブジェクトの検索ベースとして与えられた文字列を使用します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:259
- msgid "The LDAP attribute that contains the host's SSH public keys."
--msgstr ""
-+msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
-
- #: src/config/SSSDConfig/sssdoptions.py:260
- msgid "The LDAP attribute that contains NIS domain name of the netgroup."
--msgstr ""
-+msgstr "ネットグループの NIS ドメイン名を含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:261
- msgid "The LDAP attribute that contains the names of the netgroup's members."
-@@ -815,89 +828,91 @@ msgstr "The LDAP attribute that contains the names of the netgroup's members."
- msgid ""
- "The LDAP attribute that lists FQDNs of hosts and host groups that are "
- "members of the netgroup."
--msgstr ""
-+msgstr "ネットグループのメンバーであるホストとホストグループの FQDN を一覧表示する LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:264
- msgid ""
- "The LDAP attribute that lists hosts and host groups that are direct members "
- "of the netgroup."
--msgstr ""
-+msgstr "ネットグループの直接のメンバーであるホストとホストグループを一覧表示する LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:266
- msgid "The LDAP attribute that lists netgroup's memberships."
--msgstr ""
-+msgstr "ネットグループのメンバーシップを一覧表示する LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:267
- msgid ""
- "The LDAP attribute that lists system users and groups that are direct "
- "members of the netgroup."
--msgstr ""
-+msgstr "ネットグループの直接のメンバーであるシステムユーザーとグループを一覧表示する LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:269
- msgid "The LDAP attribute that corresponds to the netgroup name."
--msgstr ""
-+msgstr "ネットワークグループ名に対応する LDAP 属性です。"
-
- #: src/config/SSSDConfig/sssdoptions.py:270
- msgid "The object class of a netgroup entry in LDAP."
--msgstr ""
-+msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
-
- #: src/config/SSSDConfig/sssdoptions.py:271
- msgid ""
- "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
--msgstr ""
-+msgstr "LDAP ネットグループオブジェクトの UUID/GUID を含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:272
- msgid ""
- "The LDAP attribute that contains whether or not is user map enabled for "
- "usage."
--msgstr ""
-+msgstr "使用のためにユーザーマップが有効になっているかどうかを含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:274
- msgid "The LDAP attribute that contains host category such as 'all'."
--msgstr ""
-+msgstr "'all' などのホストカテゴリを含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:275
- msgid ""
- "The LDAP attribute that contains all hosts / hostgroups this rule match "
- "against."
--msgstr ""
-+msgstr "このルールがマッチするすべてのホスト/ホストグループを含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:277
- msgid ""
- "The LDAP attribute that contains all users / groups this rule match against."
--msgstr ""
-+msgstr "このルールがマッチするすべてのユーザー/グループを含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:279
- msgid "The LDAP attribute that contains the name of SELinux usermap."
--msgstr ""
-+msgstr "SELinux usermap の名前を含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:281
- msgid ""
- "The LDAP attribute that contains DN of HBAC rule which can be used for "
- "matching instead of memberUser and memberHost."
--msgstr ""
-+msgstr "memberUser および memberHost の代わりにマッチングに使用できる HBAC ルールの DN を含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:283
- msgid "The LDAP attribute that contains SELinux user string itself."
--msgstr ""
-+msgstr "SELinuxのユーザー文字列そのものを含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:284
- msgid "The LDAP attribute that contains user category such as 'all'."
--msgstr ""
-+msgstr "'all' などのユーザーカテゴリーを含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:285
- msgid "The LDAP attribute that contains unique ID of the user map."
--msgstr ""
-+msgstr "ユーザーマップの一意の ID を含む LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:286
- msgid ""
- "The option denotes that the SSSD is running on IPA server and should perform "
- "lookups of users and groups from trusted domains differently."
- msgstr ""
-+"このオプションは、SSSD が IPA "
-+"サーバー上で実行されており、信頼されたドメインからのユーザーとグループの検索を異なる方法で実行する必要があることを示します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:288
- msgid "Use the given string as search base for trusted domains."
--msgstr ""
-+msgstr "信頼されたドメインに対する検索ベースとして、与えられた文字列を使用します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:291
- msgid "Active Directory domain"
-@@ -995,7 +1010,7 @@ msgstr "マシンアカウントの更新タスクをチューニングするオ
-
- #: src/config/SSSDConfig/sssdoptions.py:315
- msgid "Whether to update the machine account password in the Samba database"
--msgstr ""
-+msgstr "Samba データベースのマシンアカウントパスワードを更新するかどうか"
-
- #: src/config/SSSDConfig/sssdoptions.py:317
- msgid "Use LDAPS port for LDAP and Global Catalog requests"
-@@ -1217,7 +1232,7 @@ msgstr "LDAP ライブラリーが SASL バインド中にホスト名を正規
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
--msgstr ""
-+msgstr "RFC2307 スキーマを使用するサーバーの LDAP グループのメンバーとしてローカルユーザーを保持することができます。"
-
- #: src/config/SSSDConfig/sssdoptions.py:384
- msgid "entryUSN attribute"
-@@ -1475,11 +1490,11 @@ msgstr "SSSD が従う最大ネストレベル"
-
- #: src/config/SSSDConfig/sssdoptions.py:454
- msgid "Filter for group lookups"
--msgstr ""
-+msgstr "グループ検索のフィルター"
-
- #: src/config/SSSDConfig/sssdoptions.py:455
- msgid "Scope of group lookups"
--msgstr ""
-+msgstr "グループ検索の範囲"
-
- #: src/config/SSSDConfig/sssdoptions.py:457
- msgid "Base DN for netgroup lookups"
-@@ -1716,47 +1731,47 @@ msgstr "automonter のマップ検索のベース DN"
-
- #: src/config/SSSDConfig/sssdoptions.py:529
- msgid "The name of the automount master map in LDAP."
--msgstr ""
-+msgstr "LDAP のオートマウントマスターマップの名前。"
-
- #: src/config/SSSDConfig/sssdoptions.py:532
- msgid "Base DN for IP hosts lookups"
--msgstr ""
-+msgstr "IP ホストのルックアップのためのベース DN"
-
- #: src/config/SSSDConfig/sssdoptions.py:533
- msgid "Object class for IP hosts"
--msgstr ""
-+msgstr "IP ホストのオブジェクトクラス"
-
- #: src/config/SSSDConfig/sssdoptions.py:534
- msgid "IP host name attribute"
--msgstr ""
-+msgstr "IP ホスト名属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:535
- msgid "IP host number (address) attribute"
--msgstr ""
-+msgstr "IP ホスト番号 (アドレス) 属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:536
- msgid "IP host entryUSN attribute"
--msgstr ""
-+msgstr "IP ホストエントリー USN 属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:537
- msgid "Base DN for IP networks lookups"
--msgstr ""
-+msgstr "IP ネットワーク検索のためのベース DN"
-
- #: src/config/SSSDConfig/sssdoptions.py:538
- msgid "Object class for IP networks"
--msgstr ""
-+msgstr "IP ネットワークのオブジェクトクラス"
-
- #: src/config/SSSDConfig/sssdoptions.py:539
- msgid "IP network name attribute"
--msgstr ""
-+msgstr "IP ネットワーク名属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:540
- msgid "IP network number (address) attribute"
--msgstr ""
-+msgstr "IP ネットワーク番号 (アドレス) 属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:541
- msgid "IP network entryUSN attribute"
--msgstr ""
-+msgstr "IP ネットワークエントリー USN 属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:544
- msgid "Comma separated list of allowed users"
-@@ -1790,27 +1805,27 @@ msgstr "ホームディレクトリーのベース"
-
- #: src/config/SSSDConfig/sssdoptions.py:553
- msgid "Indicate if a home directory should be created for new users."
--msgstr ""
-+msgstr "新しいユーザーのためにホームディレクトリーを作成するかどうかを示します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:554
- msgid "Indicate if a home directory should be removed for deleted users."
--msgstr ""
-+msgstr "削除されたユーザーのホームディレクトリーを削除するかどうかを示します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:555
- msgid "Specify the default permissions on a newly created home directory."
--msgstr ""
-+msgstr "新しく作成したホームディレクトリーのデフォルトのパーミッションを指定します。"
-
- #: src/config/SSSDConfig/sssdoptions.py:556
- msgid "The skeleton directory."
--msgstr ""
-+msgstr "スケルトンディレクトリー。"
-
- #: src/config/SSSDConfig/sssdoptions.py:557
- msgid "The mail spool directory."
--msgstr ""
-+msgstr "メールスプールディレクトリー。"
-
- #: src/config/SSSDConfig/sssdoptions.py:558
- msgid "The command that is run after a user is removed."
--msgstr ""
-+msgstr "ユーザーが削除された後に実行されるコマンド。"
-
- #: src/config/SSSDConfig/sssdoptions.py:561
- msgid "The number of preforked proxy children."
-@@ -1822,7 +1837,7 @@ msgstr "使用する NSS ライブラリーの名前"
-
- #: src/config/SSSDConfig/sssdoptions.py:565
- msgid "The name of the NSS library to use for hosts and networks lookups"
--msgstr ""
-+msgstr "ホストやネットワークの検索に使用する NSS ライブラリの名前"
-
- #: src/config/SSSDConfig/sssdoptions.py:566
- msgid "Whether to look up canonical group name from cache if possible"
-@@ -2746,7 +2761,7 @@ msgstr "ファイルの所有権とパーミッションの確認に失敗しま
- #: src/tools/sssctl/sssctl_config.c:127
- #, c-format
- msgid "Failed to load configuration from %s.\n"
--msgstr ""
-+msgstr "%s からの設定の読み込みに失敗しました。\n"
-
- #: src/tools/sssctl/sssctl_config.c:133
- msgid "Error while reading configuration directory.\n"
-@@ -3170,3 +3185,4 @@ msgstr "レスポンダーがソケットでアクティベートされたと知
- #: src/util/util.h:94
- msgid "Informs that the responder has been dbus-activated"
- msgstr "レスポンダーが dbus でアクティベートされたと知らせます"
-+
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index 892f81453..f33aef494 100644
---- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -13,7 +13,7 @@ msgstr ""
- "MIME-Version: 1.0\n"
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
--"PO-Revision-Date: 2020-06-18 09:05+0000\n"
-+"PO-Revision-Date: 2020-07-22 07:46-0400\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
- "language/zh_CN/)\n"
-@@ -73,12 +73,14 @@ msgid ""
- "is in seconds and calculated by the following: offline_timeout + "
- "random_offset."
- msgstr ""
-+"当 SSSD 切换到脱机模式时,它尝试重新上线前的时间会根据断开连接的时间而增加。这个值以秒为单位,并使用以下公式计算:offline_timeout "
-+"+ random_offset。"
-
- #: src/config/SSSDConfig/sssdoptions.py:38
- msgid ""
- "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
- "version 2."
--msgstr ""
-+msgstr "表示配置文件的语法是什么。SSSD 0.6.0 及以后的版本使用版本 2。"
-
- #: src/config/SSSDConfig/sssdoptions.py:39
- msgid "SSSD Services to start"
-@@ -138,7 +140,7 @@ msgstr "要查询的域的特定顺序"
- msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
--msgstr ""
-+msgstr "控制 SSSD 是否应监控 resolv.conf 的状态,以确定何时需要更新其内部 DNS 解析器。"
-
- #: src/config/SSSDConfig/sssdoptions.py:54
- msgid ""
-@@ -147,6 +149,8 @@ msgid ""
- "this, and will fall back to polling resolv.conf every five seconds if "
- "inotify cannot be used."
- msgstr ""
-+"SSSD 监视 resolv.conf 的状态,以确定何时需要更新其内部的 DNS 解析器。默认情况下,我们会尝试使用 inotify "
-+"进行。如果不能使用 inotify,则会回到每五秒轮询一次 resolv.conf 的状态。"
-
- #: src/config/SSSDConfig/sssdoptions.py:59
- msgid "Enumeration cache timeout length (seconds)"
-@@ -221,20 +225,20 @@ msgstr "内存缓存记录有效期的长度"
- msgid ""
- "The value of this option will be used in the expansion of the "
- "override_homedir option if the template contains the format string %H."
--msgstr ""
-+msgstr "如果模板中包含格式字符串%H,那么这个选项的值将被用于 override_homedir 选项的扩展。"
-
- #: src/config/SSSDConfig/sssdoptions.py:77
- msgid ""
- "Specifies time in seconds for which the list of subdomains will be "
- "considered valid."
--msgstr ""
-+msgstr "指定子域列表被视为有效的时间,以秒为单位。"
-
- #: src/config/SSSDConfig/sssdoptions.py:79
- msgid ""
- "The entry cache can be set to automatically update entries in the background "
- "if they are requested beyond a percentage of the entry_cache_timeout value "
- "for the domain."
--msgstr ""
-+msgstr "条目缓存可以设置为在后台自动更新条目,如果被请求的时间超过域名的 entry_cache_timeout 值的一个百分比。"
-
- #: src/config/SSSDConfig/sssdoptions.py:84
- msgid "How long to allow cached logins between online logins (days)"
-@@ -304,17 +308,17 @@ msgstr "允许服务使用智能卡"
-
- #: src/config/SSSDConfig/sssdoptions.py:101
- msgid "Additional timeout to wait for a card if requested"
--msgstr ""
-+msgstr "等待卡的额外超时,如果请求。"
-
- #: src/config/SSSDConfig/sssdoptions.py:102
- msgid ""
- "PKCS#11 URI to restrict the selection of devices for Smartcard "
- "authentication"
--msgstr ""
-+msgstr "PKCS#11 URI,用于限制智能卡认证设备的选择。"
-
- #: src/config/SSSDConfig/sssdoptions.py:103
- msgid "When shall the PAM responder force an initgroups request"
--msgstr ""
-+msgstr "什么时候 PAM 响应者要强制发起 initgroups 请求?"
-
- #: src/config/SSSDConfig/sssdoptions.py:106
- msgid "Whether to evaluate the time-based attributes in sudo rules"
-@@ -346,13 +350,13 @@ msgstr "到可信 CA 证书存储的路径"
-
- #: src/config/SSSDConfig/sssdoptions.py:119
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "允许从证书中生成 ssh-keys。"
-
- #: src/config/SSSDConfig/sssdoptions.py:120
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
--msgstr ""
-+msgstr "使用以下匹配规则来过滤生成 ssh-key 的证书。"
-
- #: src/config/SSSDConfig/sssdoptions.py:124
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -455,20 +459,21 @@ msgid ""
- "- No users are recorded. some - Users/groups specified by users and groups "
- "options are recorded. all - All users are recorded."
- msgstr ""
-+"使用以下字符串之一指定会话记录范围: none - 不记录用户。 some - 记录由用户和组选项指定的用户和组。 all - 记录所有用户。"
-
- #: src/config/SSSDConfig/sssdoptions.py:157
- msgid ""
- "A comma-separated list of users which should have session recording enabled. "
- "Matches user names as returned by NSS. I.e. after the possible space "
- "replacement, case changes, etc."
--msgstr ""
-+msgstr "以逗号分隔的用户列表,这些用户应该启用会话记录。匹配 NSS 返回的用户名。在可能的空格替换、大小写更改等之后。"
-
- #: src/config/SSSDConfig/sssdoptions.py:159
- msgid ""
- "A comma-separated list of groups, members of which should have session "
- "recording enabled. Matches group names as returned by NSS. I.e. after the "
- "possible space replacement, case changes, etc."
--msgstr ""
-+msgstr "以逗号分隔的组列表,其成员应已启用会话记录。匹配NSS 返回的组名。在可能的空格替换、大小写改变等之后。"
-
- #: src/config/SSSDConfig/sssdoptions.py:164
- msgid "Identity provider"
-@@ -508,7 +513,7 @@ msgstr "会话管理提供者"
-
- #: src/config/SSSDConfig/sssdoptions.py:173
- msgid "Resolver provider"
--msgstr ""
-+msgstr "解析器提供者"
-
- #: src/config/SSSDConfig/sssdoptions.py:176
- msgid "Whether the domain is usable by the OS or by applications"
-@@ -562,11 +567,11 @@ msgstr "上次成功登录后保留缓存条目的时间(天)"
- msgid ""
- "How long should SSSD talk to single DNS server before trying next server "
- "(miliseconds)"
--msgstr ""
-+msgstr "在尝试下一个服务器之前,SSSD 应该与一个 DNS 服务器联系多久(毫秒)?"
-
- #: src/config/SSSDConfig/sssdoptions.py:188
- msgid "How long should keep trying to resolve single DNS query (seconds)"
--msgstr ""
-+msgstr "尝试解析单个 DNS 查询需要多长时间(秒)?"
-
- #: src/config/SSSDConfig/sssdoptions.py:189
- msgid "How long to wait for replies from DNS when resolving servers (seconds)"
-@@ -648,24 +653,24 @@ msgstr "是否自动为用户创建私人组"
-
- #: src/config/SSSDConfig/sssdoptions.py:215
- msgid "Display a warning N days before the password expires."
--msgstr ""
-+msgstr "在密码过期前 N 天显示一个警告。"
-
- #: src/config/SSSDConfig/sssdoptions.py:216
- msgid ""
- "Various tags stored by the realmd configuration service for this domain."
--msgstr ""
-+msgstr "realmd 配置服务为这个域存储的各种标签。"
-
- #: src/config/SSSDConfig/sssdoptions.py:217
- msgid ""
- "The provider which should handle fetching of subdomains. This value should "
- "be always the same as id_provider."
--msgstr ""
-+msgstr "应该处理子域获取的提供者,这个值应始终和 id_provider 相同。"
-
- #: src/config/SSSDConfig/sssdoptions.py:219
- msgid ""
- "How many seconds to keep a host ssh key after refresh. IE how long to cache "
- "the host key for."
--msgstr ""
-+msgstr "刷新后主机 ssh 密钥要保留多少秒。IE 缓存主机密钥多长时间。"
-
- #: src/config/SSSDConfig/sssdoptions.py:221
- msgid ""
-@@ -673,6 +678,8 @@ msgid ""
- "this value determines the minimal length the first authentication factor "
- "(long term password) must have to be saved as SHA512 hash into the cache."
- msgstr ""
-+"如果使用 2-Factor-Authentication (2FA),应该保存凭证,这个值决定了第一个认证因素((期密码)必须以SHA512 "
-+"哈希值的形式保存到缓存中的最小长度。"
-
- #: src/config/SSSDConfig/sssdoptions.py:227
- msgid "IPA domain"
-@@ -776,116 +783,116 @@ msgstr "当最后一个请求未找到任何规则时,针对 IPA 服务器的D
-
- #: src/config/SSSDConfig/sssdoptions.py:256
- msgid "The LDAP attribute that contains FQDN of the host."
--msgstr ""
-+msgstr "包含主机 FQDN 的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:257
- #: src/config/SSSDConfig/sssdoptions.py:280
- msgid "The object class of a host entry in LDAP."
--msgstr ""
-+msgstr "LDAP 中主机条目的对象类。"
-
- #: src/config/SSSDConfig/sssdoptions.py:258
- msgid "Use the given string as search base for host objects."
--msgstr ""
-+msgstr "使用给定的字符串作为主机对象的搜索基础。"
-
- #: src/config/SSSDConfig/sssdoptions.py:259
- msgid "The LDAP attribute that contains the host's SSH public keys."
--msgstr ""
-+msgstr "包含主机 SSH 公钥的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:260
- msgid "The LDAP attribute that contains NIS domain name of the netgroup."
--msgstr ""
-+msgstr "包含 netgroup 的 NIS 域名的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:261
- msgid "The LDAP attribute that contains the names of the netgroup's members."
--msgstr ""
-+msgstr "包含 netgroup 成员名称的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:262
- msgid ""
- "The LDAP attribute that lists FQDNs of hosts and host groups that are "
- "members of the netgroup."
--msgstr ""
-+msgstr "列出属于 netgroup 成员的主机和主机组的 FQDN 的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:264
- msgid ""
- "The LDAP attribute that lists hosts and host groups that are direct members "
- "of the netgroup."
--msgstr ""
-+msgstr "LDAP属性,列出作为 netgroup 直接成员的主机和主机组。"
-
- #: src/config/SSSDConfig/sssdoptions.py:266
- msgid "The LDAP attribute that lists netgroup's memberships."
--msgstr ""
-+msgstr "列出 netgroup 成员资格的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:267
- msgid ""
- "The LDAP attribute that lists system users and groups that are direct "
- "members of the netgroup."
--msgstr ""
-+msgstr "LDAP 属性,列出作为 netgroup 直接成员的系统用户和组。"
-
- #: src/config/SSSDConfig/sssdoptions.py:269
- msgid "The LDAP attribute that corresponds to the netgroup name."
--msgstr ""
-+msgstr "与 netgroup 名称相对应的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:270
- msgid "The object class of a netgroup entry in LDAP."
--msgstr ""
-+msgstr "LDAP 中 netgroup 条目的对象类。"
-
- #: src/config/SSSDConfig/sssdoptions.py:271
- msgid ""
- "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
--msgstr ""
-+msgstr "包含 LDAP netgroup 对象的 UUID/GUID 的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:272
- msgid ""
- "The LDAP attribute that contains whether or not is user map enabled for "
- "usage."
--msgstr ""
-+msgstr "包含是否启用用户映射的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:274
- msgid "The LDAP attribute that contains host category such as 'all'."
--msgstr ""
-+msgstr "包含主机类别的 LDAP 属性,如'all'。"
-
- #: src/config/SSSDConfig/sssdoptions.py:275
- msgid ""
- "The LDAP attribute that contains all hosts / hostgroups this rule match "
- "against."
--msgstr ""
-+msgstr "包含此规则所匹配的所有主机/主机组的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:277
- msgid ""
- "The LDAP attribute that contains all users / groups this rule match against."
--msgstr ""
-+msgstr "包含该规则所匹配的所有用户/组的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:279
- msgid "The LDAP attribute that contains the name of SELinux usermap."
--msgstr ""
-+msgstr "包含 SELinux usermap 名称的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:281
- msgid ""
- "The LDAP attribute that contains DN of HBAC rule which can be used for "
- "matching instead of memberUser and memberHost."
--msgstr ""
-+msgstr "包含 HBAC 规则的 DN 的 LDAP 属性,可以用来代替 memberUser 和 memberHost 进行匹配。"
-
- #: src/config/SSSDConfig/sssdoptions.py:283
- msgid "The LDAP attribute that contains SELinux user string itself."
--msgstr ""
-+msgstr "包含 SELinux 用户字符串的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:284
- msgid "The LDAP attribute that contains user category such as 'all'."
--msgstr ""
-+msgstr "包含用户类别的 LDAP 属性,如'all'。"
-
- #: src/config/SSSDConfig/sssdoptions.py:285
- msgid "The LDAP attribute that contains unique ID of the user map."
--msgstr ""
-+msgstr "包含用户映射的唯一 ID 的 LDAP 属性。"
-
- #: src/config/SSSDConfig/sssdoptions.py:286
- msgid ""
- "The option denotes that the SSSD is running on IPA server and should perform "
- "lookups of users and groups from trusted domains differently."
--msgstr ""
-+msgstr "该选项表示 SSSD 在 IPA 服务器上运行,应该以不同的方式执行来自受信任域的用户和组的查找。"
-
- #: src/config/SSSDConfig/sssdoptions.py:288
- msgid "Use the given string as search base for trusted domains."
--msgstr ""
-+msgstr "使用给定的字符串作为可信域的搜索基础。"
-
- #: src/config/SSSDConfig/sssdoptions.py:291
- msgid "Active Directory domain"
-@@ -983,7 +990,7 @@ msgstr "用于调整机器帐户续订任务的选项"
-
- #: src/config/SSSDConfig/sssdoptions.py:315
- msgid "Whether to update the machine account password in the Samba database"
--msgstr ""
-+msgstr "是否要更新 Samba 数据库中的机器账户密码?"
-
- #: src/config/SSSDConfig/sssdoptions.py:317
- msgid "Use LDAPS port for LDAP and Global Catalog requests"
-@@ -1205,7 +1212,7 @@ msgstr "在 SASL绑定期间,LDAP 库是否应执行反向查找以规范化
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
--msgstr ""
-+msgstr "允许保留本地用户作为使用 RFC2307 模式的服务器的 LDAP 组成员。"
-
- #: src/config/SSSDConfig/sssdoptions.py:384
- msgid "entryUSN attribute"
-@@ -1463,11 +1470,11 @@ msgstr "将遵循的最大嵌套级别 SSSD"
-
- #: src/config/SSSDConfig/sssdoptions.py:454
- msgid "Filter for group lookups"
--msgstr ""
-+msgstr "组查询的过滤器"
-
- #: src/config/SSSDConfig/sssdoptions.py:455
- msgid "Scope of group lookups"
--msgstr ""
-+msgstr "组查询的范围"
-
- #: src/config/SSSDConfig/sssdoptions.py:457
- msgid "Base DN for netgroup lookups"
-@@ -1704,47 +1711,47 @@ msgstr "自动挂载程序映射查找的基本 DN"
-
- #: src/config/SSSDConfig/sssdoptions.py:529
- msgid "The name of the automount master map in LDAP."
--msgstr ""
-+msgstr "LDAP 中自动挂载主映射的名称。"
-
- #: src/config/SSSDConfig/sssdoptions.py:532
- msgid "Base DN for IP hosts lookups"
--msgstr ""
-+msgstr "IP 主机查询的基础 DN"
-
- #: src/config/SSSDConfig/sssdoptions.py:533
- msgid "Object class for IP hosts"
--msgstr ""
-+msgstr "IP 主机的对象类"
-
- #: src/config/SSSDConfig/sssdoptions.py:534
- msgid "IP host name attribute"
--msgstr ""
-+msgstr "IP 主机名属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:535
- msgid "IP host number (address) attribute"
--msgstr ""
-+msgstr "IP 主机号(地址)属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:536
- msgid "IP host entryUSN attribute"
--msgstr ""
-+msgstr "IP 主机 entryUSN 属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:537
- msgid "Base DN for IP networks lookups"
--msgstr ""
-+msgstr "IP 网络查询的基础 DN"
-
- #: src/config/SSSDConfig/sssdoptions.py:538
- msgid "Object class for IP networks"
--msgstr ""
-+msgstr "IP 网络的对象类"
-
- #: src/config/SSSDConfig/sssdoptions.py:539
- msgid "IP network name attribute"
--msgstr ""
-+msgstr "IP 网络名称属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:540
- msgid "IP network number (address) attribute"
--msgstr ""
-+msgstr "I P网号(地址)属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:541
- msgid "IP network entryUSN attribute"
--msgstr ""
-+msgstr "IP 网络 entryUSN 属性"
-
- #: src/config/SSSDConfig/sssdoptions.py:544
- msgid "Comma separated list of allowed users"
-@@ -1758,14 +1765,14 @@ msgstr "以逗号分隔的不允许的用户列表"
- msgid ""
- "Comma separated list of groups that are allowed to log in. This applies only "
- "to groups within this SSSD domain. Local groups are not evaluated."
--msgstr ""
-+msgstr "以逗号分隔的允许登录的组的列表。这只适用于此 SSSD 域内的组。本地组不被评估。"
-
- #: src/config/SSSDConfig/sssdoptions.py:548
- msgid ""
- "Comma separated list of groups that are explicitly denied access. This "
- "applies only to groups within this SSSD domain. Local groups are not "
- "evaluated."
--msgstr ""
-+msgstr "以逗号分隔的明确拒绝访问的组的列表。这只适用于此 SSSD 域内的组。本地组不被评估。"
-
- #: src/config/SSSDConfig/sssdoptions.py:552
- msgid "Base for home directories"
-@@ -1773,27 +1780,27 @@ msgstr "家目录的基础"
-
- #: src/config/SSSDConfig/sssdoptions.py:553
- msgid "Indicate if a home directory should be created for new users."
--msgstr ""
-+msgstr "指定是否应该为新用户创建主目录。"
-
- #: src/config/SSSDConfig/sssdoptions.py:554
- msgid "Indicate if a home directory should be removed for deleted users."
--msgstr ""
-+msgstr "指定是否要删除已删除用户的主目录。"
-
- #: src/config/SSSDConfig/sssdoptions.py:555
- msgid "Specify the default permissions on a newly created home directory."
--msgstr ""
-+msgstr "指定新创建的主目录的默认权限。"
-
- #: src/config/SSSDConfig/sssdoptions.py:556
- msgid "The skeleton directory."
--msgstr ""
-+msgstr "skeleton 目录。"
-
- #: src/config/SSSDConfig/sssdoptions.py:557
- msgid "The mail spool directory."
--msgstr ""
-+msgstr "邮件 spool 目录。"
-
- #: src/config/SSSDConfig/sssdoptions.py:558
- msgid "The command that is run after a user is removed."
--msgstr ""
-+msgstr "用户被删除后运行的命令。"
-
- #: src/config/SSSDConfig/sssdoptions.py:561
- msgid "The number of preforked proxy children."
-@@ -1805,7 +1812,7 @@ msgstr "使用的 NSS 库的名称"
-
- #: src/config/SSSDConfig/sssdoptions.py:565
- msgid "The name of the NSS library to use for hosts and networks lookups"
--msgstr ""
-+msgstr "用于查询主机和网络的 NSS 库名称。"
-
- #: src/config/SSSDConfig/sssdoptions.py:566
- msgid "Whether to look up canonical group name from cache if possible"
-@@ -1846,7 +1853,7 @@ msgstr "刷新配置数据库,然后退出"
-
- #: src/monitor/monitor.c:2383
- msgid "Similar to --genconf, but only refreshes the given section"
--msgstr ""
-+msgstr "类似于 --genconf,但只刷新指定的部分。"
-
- #: src/monitor/monitor.c:2386
- msgid "Print version number and exit"
-@@ -1934,11 +1941,11 @@ msgstr "SSSD 没有由 root 运行。"
-
- #: src/sss_client/common.c:1091
- msgid "SSSD socket does not exist."
--msgstr ""
-+msgstr "SSSD socket 不存在。"
-
- #: src/sss_client/common.c:1094
- msgid "Cannot get stat of SSSD socket."
--msgstr ""
-+msgstr "无法获取 SSSD socket 的统计数据。"
-
- #: src/sss_client/common.c:1099
- msgid "An error occurred, but no description can be found."
-@@ -2711,12 +2718,12 @@ msgstr "使用组 ID 搜索"
- #: src/tools/sssctl/sssctl_config.c:112
- #, c-format
- msgid "Failed to open %s\n"
--msgstr ""
-+msgstr "打开失败:%s\n"
-
- #: src/tools/sssctl/sssctl_config.c:117
- #, c-format
- msgid "File %1$s does not exist.\n"
--msgstr ""
-+msgstr "文件 %1$s 不存在\n"
-
- #: src/tools/sssctl/sssctl_config.c:121
- msgid ""
-@@ -2726,21 +2733,21 @@ msgstr "文件所有权和权限检查失败。预期的是 root:root 和 0600
- #: src/tools/sssctl/sssctl_config.c:127
- #, c-format
- msgid "Failed to load configuration from %s.\n"
--msgstr ""
-+msgstr "从 %s 加载配置失败。\n"
-
- #: src/tools/sssctl/sssctl_config.c:133
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "读取配置目录时出错。\n"
-
- #: src/tools/sssctl/sssctl_config.c:141
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
--msgstr ""
-+msgstr "没有配置。SSSD 将使用默认配置与文件提供者。\n"
-
- #: src/tools/sssctl/sssctl_config.c:153
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "运行验证器失败"
-
- #: src/tools/sssctl/sssctl_config.c:157
- #, c-format
-@@ -2755,7 +2762,7 @@ msgstr "配置合并期间生成的消息: %zu\n"
- #: src/tools/sssctl/sssctl_config.c:179
- #, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr ""
-+msgstr "所使用的配置摘要文件: %zu\n"
-
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2834,7 +2841,7 @@ msgstr "显示域列表,包括主要或受信任的域类型"
- #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
- #: src/tools/sssctl/sssctl_user_checks.c:95
- msgid "Unable to connect to system bus!\n"
--msgstr ""
-+msgstr "无法连接到系统总线!\n"
-
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Online"
-@@ -2851,7 +2858,7 @@ msgstr "在线状态: %s\n"
-
- #: src/tools/sssctl/sssctl_domains.c:213
- msgid "This domain has no active servers.\n"
--msgstr ""
-+msgstr "这个域没有活跃的服务器。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2863,7 +2870,7 @@ msgstr "未连接"
-
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "没有发现服务器。\n"
-
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
-@@ -3150,3 +3157,4 @@ msgstr "通知响应者已被套接字激活"
- #: src/util/util.h:94
- msgid "Informs that the responder has been dbus-activated"
- msgstr "通知响应者已被 dbus 激活"
-+
---
-2.21.3
-
diff --git a/SOURCES/0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch b/SOURCES/0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch
deleted file mode 100644
index c4aa6ad..0000000
--- a/SOURCES/0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 72b8e02c77f0b0b7e36663fa3bd3fd6987ea1b80 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Mon, 13 Jul 2020 18:11:40 +0200
-Subject: [PATCH] sssctl: sssctl config-check alternative snippet dir
-
-The sssctl config-check now allows to specify not only alternative
-config file but also snippet dir.
-
- sssctl config-check -c ./sssd.conf -s /etc/sssd/conf.d
-
-Configuration snippets are still looked up in the same place under
-conf.d directory by default. It would be in ./conf.d/ for the example
-above.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5142
-
-Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
----
- src/tools/sssctl/sssctl_config.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
-index de9f3de6e..db4aeeae4 100644
---- a/src/tools/sssctl/sssctl_config.c
-+++ b/src/tools/sssctl/sssctl_config.c
-@@ -75,6 +75,11 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
- struct poptOption long_options[] = {
- {"config", 'c', POPT_ARG_STRING, &config_path,
- 0, _("Specify a non-default config file"), NULL},
-+ {"snippet", 's', POPT_ARG_STRING, &config_snippet_path,
-+ 0, _("Specify a non-default snippet dir (The default is to look in "
-+ "the same place where the main config file is located. For "
-+ "example if the config is set to \"/my/path/sssd.conf\", "
-+ "the snippet dir \"/my/path/conf.d\" is used)"), NULL},
- POPT_TABLEEND
- };
-
-@@ -92,16 +97,17 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
- goto done;
- }
-
-- if (config_path != NULL) {
-+ if (config_path == NULL) {
-+ config_path = SSSD_CONFIG_FILE;
-+ }
-+
-+ if (config_snippet_path == NULL) {
- config_snippet_path = sssctl_config_snippet_path(tmp_ctx, config_path);
- if (config_snippet_path == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create snippet path\n");
- ret = ENOMEM;
- goto done;
- }
-- } else {
-- config_path = SSSD_CONFIG_FILE;
-- config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
- }
-
- ret = sss_ini_read_sssd_conf(init_data,
---
-2.21.3
-
diff --git a/SOURCES/0039-certmap-sanitize-LDAP-search-filter.patch b/SOURCES/0039-certmap-sanitize-LDAP-search-filter.patch
deleted file mode 100644
index 909222b..0000000
--- a/SOURCES/0039-certmap-sanitize-LDAP-search-filter.patch
+++ /dev/null
@@ -1,651 +0,0 @@
-From a2b9a84460429181f2a4fa7e2bb5ab49fd561274 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Mon, 9 Dec 2019 11:31:14 +0100
-Subject: [PATCH] certmap: sanitize LDAP search filter
-
-The sss_certmap_get_search_filter() will now sanitize the values read
-from the certificates before adding them to a search filter. To be able
-to get the plain values as well sss_certmap_expand_mapping_rule() is
-added.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5135
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- Makefile.am | 2 +-
- src/lib/certmap/sss_certmap.c | 42 ++++++++++--
- src/lib/certmap/sss_certmap.exports | 5 ++
- src/lib/certmap/sss_certmap.h | 35 ++++++++--
- src/responder/pam/pamsrv_p11.c | 5 +-
- src/tests/cmocka/test_certmap.c | 98 +++++++++++++++++++++++++++-
- src/util/util.c | 94 ---------------------------
- src/util/util_ext.c | 99 +++++++++++++++++++++++++++++
- 8 files changed, 272 insertions(+), 108 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 059e1eaf6..4bacabdda 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2163,7 +2163,7 @@ libsss_certmap_la_LIBADD = \
- $(NULL)
- libsss_certmap_la_LDFLAGS = \
- -Wl,--version-script,$(srcdir)/src/lib/certmap/sss_certmap.exports \
-- -version-info 1:0:1
-+ -version-info 2:0:2
-
- if HAVE_NSS
- libsss_certmap_la_SOURCES += \
-diff --git a/src/lib/certmap/sss_certmap.c b/src/lib/certmap/sss_certmap.c
-index 703782b53..f19e57732 100644
---- a/src/lib/certmap/sss_certmap.c
-+++ b/src/lib/certmap/sss_certmap.c
-@@ -441,10 +441,12 @@ static int expand_san(struct sss_certmap_ctx *ctx,
- static int expand_template(struct sss_certmap_ctx *ctx,
- struct parsed_template *parsed_template,
- struct sss_cert_content *cert_content,
-+ bool sanitize,
- char **expanded)
- {
- int ret;
- char *exp = NULL;
-+ char *exp_sanitized = NULL;
-
- if (strcmp("issuer_dn", parsed_template->name) == 0) {
- ret = rdn_list_2_dn_str(ctx, parsed_template->conversion,
-@@ -455,6 +457,8 @@ static int expand_template(struct sss_certmap_ctx *ctx,
- } else if (strncmp("subject_", parsed_template->name, 8) == 0) {
- ret = expand_san(ctx, parsed_template, cert_content->san_list, &exp);
- } else if (strcmp("cert", parsed_template->name) == 0) {
-+ /* cert blob is already sanitized */
-+ sanitize = false;
- ret = expand_cert(ctx, parsed_template, cert_content, &exp);
- } else {
- CM_DEBUG(ctx, "Unsupported template name.");
-@@ -471,6 +475,16 @@ static int expand_template(struct sss_certmap_ctx *ctx,
- goto done;
- }
-
-+ if (sanitize) {
-+ ret = sss_filter_sanitize(ctx, exp, &exp_sanitized);
-+ if (ret != EOK) {
-+ CM_DEBUG(ctx, "Failed to sanitize expanded template.");
-+ goto done;
-+ }
-+ talloc_free(exp);
-+ exp = exp_sanitized;
-+ }
-+
- ret = 0;
-
- done:
-@@ -485,7 +499,7 @@ done:
-
- static int get_filter(struct sss_certmap_ctx *ctx,
- struct ldap_mapping_rule *parsed_mapping_rule,
-- struct sss_cert_content *cert_content,
-+ struct sss_cert_content *cert_content, bool sanitize,
- char **filter)
- {
- struct ldap_mapping_rule_comp *comp;
-@@ -503,7 +517,7 @@ static int get_filter(struct sss_certmap_ctx *ctx,
- result = talloc_strdup_append(result, comp->val);
- } else if (comp->type == comp_template) {
- ret = expand_template(ctx, comp->parsed_template, cert_content,
-- &expanded);
-+ sanitize, &expanded);
- if (ret != 0) {
- CM_DEBUG(ctx, "Failed to expanded template.");
- goto done;
-@@ -791,8 +805,9 @@ done:
- return ret;
- }
-
--int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
-+static int expand_mapping_rule_ex(struct sss_certmap_ctx *ctx,
- const uint8_t *der_cert, size_t der_size,
-+ bool sanitize,
- char **_filter, char ***_domains)
- {
- int ret;
-@@ -819,7 +834,8 @@ int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
- return EINVAL;
- }
-
-- ret = get_filter(ctx, ctx->default_mapping_rule, cert_content, &filter);
-+ ret = get_filter(ctx, ctx->default_mapping_rule, cert_content, sanitize,
-+ &filter);
- goto done;
- }
-
-@@ -829,7 +845,7 @@ int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
- if (ret == 0) {
- /* match */
- ret = get_filter(ctx, r->parsed_mapping_rule, cert_content,
-- &filter);
-+ sanitize, &filter);
- if (ret != 0) {
- CM_DEBUG(ctx, "Failed to get filter");
- goto done;
-@@ -873,6 +889,22 @@ done:
- return ret;
- }
-
-+int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
-+ const uint8_t *der_cert, size_t der_size,
-+ char **_filter, char ***_domains)
-+{
-+ return expand_mapping_rule_ex(ctx, der_cert, der_size, true,
-+ _filter, _domains);
-+}
-+
-+int sss_certmap_expand_mapping_rule(struct sss_certmap_ctx *ctx,
-+ const uint8_t *der_cert, size_t der_size,
-+ char **_expanded, char ***_domains)
-+{
-+ return expand_mapping_rule_ex(ctx, der_cert, der_size, false,
-+ _expanded, _domains);
-+}
-+
- int sss_certmap_init(TALLOC_CTX *mem_ctx,
- sss_certmap_ext_debug *debug, void *debug_priv,
- struct sss_certmap_ctx **ctx)
-diff --git a/src/lib/certmap/sss_certmap.exports b/src/lib/certmap/sss_certmap.exports
-index a9e48d6d0..7d7667738 100644
---- a/src/lib/certmap/sss_certmap.exports
-+++ b/src/lib/certmap/sss_certmap.exports
-@@ -16,3 +16,8 @@ SSS_CERTMAP_0.1 {
- global:
- sss_certmap_display_cert_content;
- } SSS_CERTMAP_0.0;
-+
-+SSS_CERTMAP_0.2 {
-+ global:
-+ sss_certmap_expand_mapping_rule;
-+} SSS_CERTMAP_0.1;
-diff --git a/src/lib/certmap/sss_certmap.h b/src/lib/certmap/sss_certmap.h
-index 7da2d1c58..058d4f9e4 100644
---- a/src/lib/certmap/sss_certmap.h
-+++ b/src/lib/certmap/sss_certmap.h
-@@ -103,7 +103,7 @@ int sss_certmap_add_rule(struct sss_certmap_ctx *ctx,
- *
- * @param[in] ctx certmap context previously initialized with
- * @ref sss_certmap_init
-- * @param[in] der_cert binary blog with the DER encoded certificate
-+ * @param[in] der_cert binary blob with the DER encoded certificate
- * @param[in] der_size size of the certificate blob
- *
- * @return
-@@ -119,10 +119,11 @@ int sss_certmap_match_cert(struct sss_certmap_ctx *ctx,
- *
- * @param[in] ctx certmap context previously initialized with
- * @ref sss_certmap_init
-- * @param[in] der_cert binary blog with the DER encoded certificate
-+ * @param[in] der_cert binary blob with the DER encoded certificate
- * @param[in] der_size size of the certificate blob
-- * @param[out] filter LDAP filter string, caller should free the data by
-- * calling sss_certmap_free_filter_and_domains
-+ * @param[out] filter LDAP filter string, expanded templates are sanitized,
-+ * caller should free the data by calling
-+ * sss_certmap_free_filter_and_domains
- * @param[out] domains NULL-terminated array of strings with the domains the
- * rule applies, caller should free the data by calling
- * sss_certmap_free_filter_and_domains
-@@ -136,8 +137,32 @@ int sss_certmap_get_search_filter(struct sss_certmap_ctx *ctx,
- const uint8_t *der_cert, size_t der_size,
- char **filter, char ***domains);
-
-+/**
-+ * @brief Expand the mapping rule by replacing the templates
-+ *
-+ * @param[in] ctx certmap context previously initialized with
-+ * @ref sss_certmap_init
-+ * @param[in] der_cert binary blob with the DER encoded certificate
-+ * @param[in] der_size size of the certificate blob
-+ * @param[out] expanded expanded mapping rule, templates are filled in
-+ * verbatim in contrast to sss_certmap_get_search_filter,
-+ * caller should free the data by
-+ * calling sss_certmap_free_filter_and_domains
-+ * @param[out] domains NULL-terminated array of strings with the domains the
-+ * rule applies, caller should free the data by calling
-+ * sss_certmap_free_filter_and_domains
-+ *
-+ * @return
-+ * - 0: certificate matches a rule
-+ * - ENOENT: certificate does not match
-+ * - EINVAL: internal error
-+ */
-+int sss_certmap_expand_mapping_rule(struct sss_certmap_ctx *ctx,
-+ const uint8_t *der_cert, size_t der_size,
-+ char **_expanded, char ***_domains);
- /**
- * @brief Free data returned by @ref sss_certmap_get_search_filter
-+ * and @ref sss_certmap_expand_mapping_rule
- *
- * @param[in] filter LDAP filter strings returned by
- * sss_certmap_get_search_filter
-@@ -150,7 +175,7 @@ void sss_certmap_free_filter_and_domains(char *filter, char **domains);
- * @brief Get a string with the content of the certificate used by the library
- *
- * @param[in] mem_ctx Talloc memory context, may be NULL
-- * @param[in] der_cert binary blog with the DER encoded certificate
-+ * @param[in] der_cert binary blob with the DER encoded certificate
- * @param[in] der_size size of the certificate blob
- * @param[out] desc Multiline string showing the certificate content
- * which is used by libsss_certmap
-diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
-index 3f0afaeff..cdf239e07 100644
---- a/src/responder/pam/pamsrv_p11.c
-+++ b/src/responder/pam/pamsrv_p11.c
-@@ -1049,9 +1049,10 @@ static char *get_cert_prompt(TALLOC_CTX *mem_ctx,
- goto done;
- }
-
-- ret = sss_certmap_get_search_filter(ctx, der, der_size, &filter, &domains);
-+ ret = sss_certmap_expand_mapping_rule(ctx, der, der_size,
-+ &filter, &domains);
- if (ret != 0) {
-- DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_get_search_filter failed.\n");
-+ DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_expand_mapping_rule failed.\n");
- goto done;
- }
-
-diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c
-index c882202a0..232ff7878 100644
---- a/src/tests/cmocka/test_certmap.c
-+++ b/src/tests/cmocka/test_certmap.c
-@@ -1431,6 +1431,15 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-+ assert_string_equal(filter, "rule100=<I>CN=Certificate\\20Authority,O=IPA.DEVEL"
-+ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
-+ assert_null(domains);
-+
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
- assert_string_equal(filter, "rule100=<I>CN=Certificate Authority,O=IPA.DEVEL"
- "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
- assert_null(domains);
-@@ -1445,6 +1454,17 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-+ assert_string_equal(filter, "rule99=<I>CN=Certificate\\20Authority,O=IPA.DEVEL"
-+ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
-+ assert_non_null(domains);
-+ assert_string_equal(domains[0], "test.dom");
-+ assert_null(domains[1]);
-+
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
- assert_string_equal(filter, "rule99=<I>CN=Certificate Authority,O=IPA.DEVEL"
- "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
- assert_non_null(domains);
-@@ -1466,6 +1486,16 @@ static void test_sss_certmap_get_search_filter(void **state)
- assert_string_equal(domains[0], "test.dom");
- assert_null(domains[1]);
-
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
-+ assert_string_equal(filter, "rule98=userCertificate;binary=" TEST_CERT_BIN);
-+ assert_non_null(domains);
-+ assert_string_equal(domains[0], "test.dom");
-+ assert_null(domains[1]);
-+
- ret = sss_certmap_add_rule(ctx, 97,
- "KRB5:<ISSUER>CN=Certificate Authority,O=IPA.DEVEL",
- "LDAP:rule97=<I>{issuer_dn!nss_x500}<S>{subject_dn}",
-@@ -1476,6 +1506,17 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-+ assert_string_equal(filter, "rule97=<I>O=IPA.DEVEL,CN=Certificate\\20Authority"
-+ "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
-+ assert_non_null(domains);
-+ assert_string_equal(domains[0], "test.dom");
-+ assert_null(domains[1]);
-+
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
- assert_string_equal(filter, "rule97=<I>O=IPA.DEVEL,CN=Certificate Authority"
- "<S>CN=ipa-devel.ipa.devel,O=IPA.DEVEL");
- assert_non_null(domains);
-@@ -1492,6 +1533,17 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-+ assert_string_equal(filter, "rule96=<I>O=IPA.DEVEL,CN=Certificate\\20Authority"
-+ "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
-+ assert_non_null(domains);
-+ assert_string_equal(domains[0], "test.dom");
-+ assert_null(domains[1]);
-+
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
- assert_string_equal(filter, "rule96=<I>O=IPA.DEVEL,CN=Certificate Authority"
- "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
- assert_non_null(domains);
-@@ -1510,6 +1562,14 @@ static void test_sss_certmap_get_search_filter(void **state)
- assert_string_equal(filter, "(userCertificate;binary=" TEST_CERT_BIN ")");
- assert_null(domains);
-
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
-+ assert_string_equal(filter, "(userCertificate;binary=" TEST_CERT_BIN ")");
-+ assert_null(domains);
-+
- ret = sss_certmap_add_rule(ctx, 94,
- "KRB5:<ISSUER>CN=Certificate Authority,O=IPA.DEVEL",
- "LDAP:rule94=<I>{issuer_dn!ad_x500}<S>{subject_dn!ad_x500}",
-@@ -1520,12 +1580,22 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-- assert_string_equal(filter, "rule94=<I>O=IPA.DEVEL,CN=Certificate Authority"
-+ assert_string_equal(filter, "rule94=<I>O=IPA.DEVEL,CN=Certificate\\20Authority"
- "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
- assert_non_null(domains);
- assert_string_equal(domains[0], "test.dom");
- assert_null(domains[1]);
-
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert_der),
-+ sizeof(test_cert_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
-+ assert_string_equal(filter, "rule94=<I>O=IPA.DEVEL,CN=Certificate Authority"
-+ "<S>O=IPA.DEVEL,CN=ipa-devel.ipa.devel");
-+ assert_non_null(domains);
-+ assert_string_equal(domains[0], "test.dom");
-+ assert_null(domains[1]);
-
- ret = sss_certmap_add_rule(ctx, 89, NULL,
- "(rule89={subject_nt_principal})",
-@@ -1539,6 +1609,14 @@ static void test_sss_certmap_get_search_filter(void **state)
- assert_string_equal(filter, "(rule89=tu1@ad.devel)");
- assert_null(domains);
-
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert2_der),
-+ sizeof(test_cert2_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
-+ assert_string_equal(filter, "(rule89=tu1@ad.devel)");
-+ assert_null(domains);
-+
- ret = sss_certmap_add_rule(ctx, 88, NULL,
- "(rule88={subject_nt_principal.short_name})",
- NULL);
-@@ -1560,6 +1638,15 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-+ assert_string_equal(filter, "rule87=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
-+ "<S>DC=devel,DC=ad,CN=Users,CN=t\\20u,E=test.user@email.domain");
-+ assert_null(domains);
-+
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert2_der),
-+ sizeof(test_cert2_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
- assert_string_equal(filter, "rule87=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
- "<S>DC=devel,DC=ad,CN=Users,CN=t u,E=test.user@email.domain");
- assert_null(domains);
-@@ -1573,6 +1660,15 @@ static void test_sss_certmap_get_search_filter(void **state)
- &filter, &domains);
- assert_int_equal(ret, 0);
- assert_non_null(filter);
-+ assert_string_equal(filter, "rule86=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
-+ "<S>DC=devel,DC=ad,CN=Users,CN=t\\20u,E=test.user@email.domain");
-+ assert_null(domains);
-+
-+ ret = sss_certmap_expand_mapping_rule(ctx, discard_const(test_cert2_der),
-+ sizeof(test_cert2_der),
-+ &filter, &domains);
-+ assert_int_equal(ret, 0);
-+ assert_non_null(filter);
- assert_string_equal(filter, "rule86=<I>DC=devel,DC=ad,CN=ad-AD-SERVER-CA"
- "<S>DC=devel,DC=ad,CN=Users,CN=t u,E=test.user@email.domain");
- assert_null(domains);
-diff --git a/src/util/util.c b/src/util/util.c
-index d9bd3cb59..19d447328 100644
---- a/src/util/util.c
-+++ b/src/util/util.c
-@@ -436,100 +436,6 @@ errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count,
- return sss_hash_create_ex(mem_ctx, count, tbl, 0, 0, 0, 0, NULL, NULL);
- }
-
--errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
-- const char *input,
-- char **sanitized,
-- const char *ignore)
--{
-- char *output;
-- size_t i = 0;
-- size_t j = 0;
-- char *allowed;
--
-- /* Assume the worst-case. We'll resize it later, once */
-- output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
-- if (!output) {
-- return ENOMEM;
-- }
--
-- while (input[i]) {
-- /* Even though this character might have a special meaning, if it's
-- * explicitly allowed, just copy it and move on
-- */
-- if (ignore == NULL) {
-- allowed = NULL;
-- } else {
-- allowed = strchr(ignore, input[i]);
-- }
-- if (allowed) {
-- output[j++] = input[i++];
-- continue;
-- }
--
-- switch(input[i]) {
-- case '\t':
-- output[j++] = '\\';
-- output[j++] = '0';
-- output[j++] = '9';
-- break;
-- case ' ':
-- output[j++] = '\\';
-- output[j++] = '2';
-- output[j++] = '0';
-- break;
-- case '*':
-- output[j++] = '\\';
-- output[j++] = '2';
-- output[j++] = 'a';
-- break;
-- case '(':
-- output[j++] = '\\';
-- output[j++] = '2';
-- output[j++] = '8';
-- break;
-- case ')':
-- output[j++] = '\\';
-- output[j++] = '2';
-- output[j++] = '9';
-- break;
-- case '\\':
-- output[j++] = '\\';
-- output[j++] = '5';
-- output[j++] = 'c';
-- break;
-- case '\r':
-- output[j++] = '\\';
-- output[j++] = '0';
-- output[j++] = 'd';
-- break;
-- case '\n':
-- output[j++] = '\\';
-- output[j++] = '0';
-- output[j++] = 'a';
-- break;
-- default:
-- output[j++] = input[i];
-- }
--
-- i++;
-- }
-- output[j] = '\0';
-- *sanitized = talloc_realloc(mem_ctx, output, char, j+1);
-- if (!*sanitized) {
-- talloc_free(output);
-- return ENOMEM;
-- }
--
-- return EOK;
--}
--
--errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
-- const char *input,
-- char **sanitized)
--{
-- return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
--}
--
- char *
- sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr)
- {
-diff --git a/src/util/util_ext.c b/src/util/util_ext.c
-index 04dc02a8a..a89b60f76 100644
---- a/src/util/util_ext.c
-+++ b/src/util/util_ext.c
-@@ -29,6 +29,11 @@
-
- #define EOK 0
-
-+#ifndef HAVE_ERRNO_T
-+#define HAVE_ERRNO_T
-+typedef int errno_t;
-+#endif
-+
- int split_on_separator(TALLOC_CTX *mem_ctx, const char *str,
- const char sep, bool trim, bool skip_empty,
- char ***_list, int *size)
-@@ -141,3 +146,97 @@ bool string_in_list(const char *string, char **list, bool case_sensitive)
-
- return false;
- }
-+
-+errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
-+ const char *input,
-+ char **sanitized,
-+ const char *ignore)
-+{
-+ char *output;
-+ size_t i = 0;
-+ size_t j = 0;
-+ char *allowed;
-+
-+ /* Assume the worst-case. We'll resize it later, once */
-+ output = talloc_array(mem_ctx, char, strlen(input) * 3 + 1);
-+ if (!output) {
-+ return ENOMEM;
-+ }
-+
-+ while (input[i]) {
-+ /* Even though this character might have a special meaning, if it's
-+ * explicitly allowed, just copy it and move on
-+ */
-+ if (ignore == NULL) {
-+ allowed = NULL;
-+ } else {
-+ allowed = strchr(ignore, input[i]);
-+ }
-+ if (allowed) {
-+ output[j++] = input[i++];
-+ continue;
-+ }
-+
-+ switch(input[i]) {
-+ case '\t':
-+ output[j++] = '\\';
-+ output[j++] = '0';
-+ output[j++] = '9';
-+ break;
-+ case ' ':
-+ output[j++] = '\\';
-+ output[j++] = '2';
-+ output[j++] = '0';
-+ break;
-+ case '*':
-+ output[j++] = '\\';
-+ output[j++] = '2';
-+ output[j++] = 'a';
-+ break;
-+ case '(':
-+ output[j++] = '\\';
-+ output[j++] = '2';
-+ output[j++] = '8';
-+ break;
-+ case ')':
-+ output[j++] = '\\';
-+ output[j++] = '2';
-+ output[j++] = '9';
-+ break;
-+ case '\\':
-+ output[j++] = '\\';
-+ output[j++] = '5';
-+ output[j++] = 'c';
-+ break;
-+ case '\r':
-+ output[j++] = '\\';
-+ output[j++] = '0';
-+ output[j++] = 'd';
-+ break;
-+ case '\n':
-+ output[j++] = '\\';
-+ output[j++] = '0';
-+ output[j++] = 'a';
-+ break;
-+ default:
-+ output[j++] = input[i];
-+ }
-+
-+ i++;
-+ }
-+ output[j] = '\0';
-+ *sanitized = talloc_realloc(mem_ctx, output, char, j+1);
-+ if (!*sanitized) {
-+ talloc_free(output);
-+ return ENOMEM;
-+ }
-+
-+ return EOK;
-+}
-+
-+errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
-+ const char *input,
-+ char **sanitized)
-+{
-+ return sss_filter_sanitize_ex(mem_ctx, input, sanitized, NULL);
-+}
---
-2.21.3
-
diff --git a/SOURCES/0040-AD-Enforcing-GPO-rule-restriction-on-user.patch b/SOURCES/0040-AD-Enforcing-GPO-rule-restriction-on-user.patch
deleted file mode 100644
index 527067e..0000000
--- a/SOURCES/0040-AD-Enforcing-GPO-rule-restriction-on-user.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a06bf788585f5fc14ba16d132665401a7ce7eb35 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= <ppolawsk@redhat.com>
-Date: Thu, 28 May 2020 12:12:58 +0200
-Subject: [PATCH] AD: Enforcing GPO rule restriction on user
-
-This fixes bug related to ad_gpo_implicit_deny option set to True.
-gpo_implict_denay was checked only for dacl_filtered_gpos,
-but not for cse_filtered_gpos.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5181
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/providers/ad/ad_gpo.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
-index 53560a754..2c6aa7fa6 100644
---- a/src/providers/ad/ad_gpo.c
-+++ b/src/providers/ad/ad_gpo.c
-@@ -2541,7 +2541,16 @@ ad_gpo_process_gpo_done(struct tevent_req *subreq)
- /* no gpos contain "SecuritySettings" cse_guid, nothing to enforce */
- DEBUG(SSSDBG_TRACE_FUNC,
- "no applicable gpos found after cse_guid filtering\n");
-- ret = EOK;
-+
-+ if (state->gpo_implicit_deny == true) {
-+ DEBUG(SSSDBG_TRACE_FUNC,
-+ "No applicable GPOs have been found and ad_gpo_implicit_deny"
-+ " is set to 'true'. The user will be denied access.\n");
-+ ret = ERR_ACCESS_DENIED;
-+ } else {
-+ ret = EOK;
-+ }
-+
- goto done;
- }
-
---
-2.21.3
-
diff --git a/SOURCES/0041-man-clarify-AD-certificate-rule.patch b/SOURCES/0041-man-clarify-AD-certificate-rule.patch
deleted file mode 100644
index a54281a..0000000
--- a/SOURCES/0041-man-clarify-AD-certificate-rule.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 3bb910503bb7cbc20105f0a302db400f04436d2a Mon Sep 17 00:00:00 2001
-From: ikerexxe <ipedrosa@redhat.com>
-Date: Tue, 18 Aug 2020 11:45:18 +0200
-Subject: [PATCH] man: clarify AD certificate rule
-
-Clarify AD specific certificate rule example by changing userPrincipal to
-userPrincipalName. Moreover, match the subject principal name in the
-example with the rule name.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5278
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/man/sss-certmap.5.xml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml
-index 10343625e..09aec997c 100644
---- a/src/man/sss-certmap.5.xml
-+++ b/src/man/sss-certmap.5.xml
-@@ -487,7 +487,7 @@
- sign.
- </para>
- <para>
-- Example: (|(userPrincipal={subject_principal})(samAccountName={subject_principal.short_name}))
-+ Example: (|(userPrincipalName={subject_nt_principal})(samAccountName={subject_nt_principal.short_name}))
- </para>
- </listitem>
- </varlistentry>
---
-2.21.3
-
diff --git a/SOURCES/0042-config-allow-prompting-options-in-configuration.patch b/SOURCES/0042-config-allow-prompting-options-in-configuration.patch
deleted file mode 100644
index 20e4c7e..0000000
--- a/SOURCES/0042-config-allow-prompting-options-in-configuration.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 4526858adb58736066a0b2cf2dc793ddfe671b2b Mon Sep 17 00:00:00 2001
-From: ikerexxe <ipedrosa@redhat.com>
-Date: Tue, 4 Aug 2020 15:39:51 +0200
-Subject: [PATCH] config: allow prompting options in configuration
-
-False warnings were logged after enabling prompting options in
-configuration file. This change modifies the configuration rules to
-allow prompting options.
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5259
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/config/cfg_rules.ini | 34 ++++++++++++++++++++++++++++++++++
- 1 file changed, 34 insertions(+)
-
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index 2874ea048..2d4e7b51d 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -14,6 +14,10 @@ section = session_recording
- section_re = ^secrets/users/[0-9]\+$
- section_re = ^secrets/secrets$
- section_re = ^secrets/kcm$
-+section_re = ^prompting/password$
-+section_re = ^prompting/password/[^/\@]\+$
-+section_re = ^prompting/2fa$
-+section_re = ^prompting/2fa/[^/\@]\+$
- section_re = ^domain/[^/\@]\+$
- section_re = ^domain/[^/\@]\+/[^/\@]\+$
- section_re = ^application/[^/\@]\+$
-@@ -332,6 +336,36 @@ option = scope
- option = users
- option = groups
-
-+# Prompting during authentication
-+[rule/allowed_prompting_password_options]
-+validator = ini_allowed_options
-+section_re = ^prompting/password$
-+
-+option = password_prompt
-+
-+[rule/allowed_prompting_2fa_options]
-+validator = ini_allowed_options
-+section_re = ^prompting/2fa$
-+
-+option = single_prompt
-+option = first_prompt
-+option = second_prompt
-+
-+[rule/allowed_prompting_password_subsec_options]
-+validator = ini_allowed_options
-+section_re = ^prompting/password/[^/\@]\+$
-+
-+option = password_prompt
-+
-+[rule/allowed_prompting_2fa_subsec_options]
-+validator = ini_allowed_options
-+section_re = ^prompting/2fa/[^/\@]\+$
-+
-+option = single_prompt
-+option = first_prompt
-+option = second_prompt
-+
-+
- [rule/allowed_domain_options]
- validator = ini_allowed_options
- section_re = ^\(domain\|application\)/[^/]\+$
---
-2.21.3
-
diff --git a/SOURCES/0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch b/SOURCES/0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch
deleted file mode 100644
index 95cac65..0000000
--- a/SOURCES/0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 10366b4ee8c01ea20d908102e92d52fdeda168c3 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 18 Aug 2020 14:37:04 +0200
-Subject: [PATCH] p11_child: switch default ocsp_dgst to sha1
-
-For details please see discussion at
-https://github.com/SSSD/sssd/pull/837#issuecomment-672831519
-
-:newdefault: sssd:certificate_verification:ocsp_dgst, sha256, sha1
-
-Resolves:
-https://github.com/SSSD/sssd/issues/5002
-
-Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/man/sssd.conf.5.xml | 3 ++-
- src/p11_child/p11_child_common_utils.c | 6 +++---
- src/p11_child/p11_child_openssl.c | 4 ++--
- 3 files changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index 874a09c49..50692dfdd 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -507,7 +507,8 @@
- <listitem><para>sha512</para></listitem>
- </itemizedlist></para>
- <para>
-- Default: sha256
-+ Default: sha1 (to allow compatibility with
-+ RFC5019-compliant responder)
- </para>
- <para>(NSS Version) This option is
- ignored, because NSS uses sha1
-diff --git a/src/p11_child/p11_child_common_utils.c b/src/p11_child/p11_child_common_utils.c
-index 6798752c7..95791b1f0 100644
---- a/src/p11_child/p11_child_common_utils.c
-+++ b/src/p11_child/p11_child_common_utils.c
-@@ -43,7 +43,7 @@ static struct cert_verify_opts *init_cert_verify_opts(TALLOC_CTX *mem_ctx)
- cert_verify_opts->ocsp_default_responder = NULL;
- cert_verify_opts->ocsp_default_responder_signing_cert = NULL;
- cert_verify_opts->crl_file = NULL;
-- cert_verify_opts->ocsp_dgst = CKM_SHA256;
-+ cert_verify_opts->ocsp_dgst = CKM_SHA_1;
- cert_verify_opts->soft_ocsp = false;
- cert_verify_opts->soft_crl = false;
-
-@@ -174,8 +174,8 @@ errno_t parse_cert_verify_opts(TALLOC_CTX *mem_ctx, const char *verify_opts,
- } else {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Unsupported digest for OCSP [%s], "
-- "using default sha256.\n", &opts[c][OCSP_DGST_LEN]);
-- cert_verify_opts->ocsp_dgst = CKM_SHA256;
-+ "using default sha1.\n", &opts[c][OCSP_DGST_LEN]);
-+ cert_verify_opts->ocsp_dgst = CKM_SHA_1;
- }
- #endif
- } else if (strcasecmp(opts[c], "soft_ocsp") == 0) {
-diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
-index 321cf162e..04b3e1467 100644
---- a/src/p11_child/p11_child_openssl.c
-+++ b/src/p11_child/p11_child_openssl.c
-@@ -372,8 +372,8 @@ static errno_t do_ocsp(struct p11_ctx *p11_ctx, X509 *cert)
- ocsp_dgst = get_dgst(p11_ctx->cert_verify_opts->ocsp_dgst);
- if (ocsp_dgst == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Cannot determine configured digest function "
-- "for OCSP, using default sha256.\n");
-- ocsp_dgst = EVP_sha256();
-+ "for OCSP, using default sha1.\n");
-+ ocsp_dgst = EVP_sha1();
- }
- cid = OCSP_cert_to_id(ocsp_dgst, cert, issuer);
- if (cid == NULL) {
---
-2.21.3
-
diff --git a/SOURCES/0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch b/SOURCES/0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch
deleted file mode 100644
index d00fb18..0000000
--- a/SOURCES/0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-From 69e1f5fe79806a530e90c8af09bedd3b9e6b4dac Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 10 Jul 2020 15:30:29 +0200
-Subject: [PATCH] GPO: respect ad_gpo_implicit_deny when evaluation rules
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently if setting ad_gpo_implicit_deny to 'True' is rejected access
-if no GPOs applied to the host since in this case there are obvious not
-allow rules available.
-
-But according to the man page we have to be more strict "When this
-option is set to True users will be allowed access only when explicitly
-allowed by a GPO rule". So if GPOs apply and no allow rules are present
-we have to reject access as well.
-
-Resolves: https://github.com/SSSD/sssd/issues/5061
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/man/sssd-ad.5.xml | 59 +++++++++++++++++++++++++++++++++++++++
- src/providers/ad/ad_gpo.c | 13 +++++++--
- 2 files changed, 69 insertions(+), 3 deletions(-)
-
-diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
-index 5c2f46546..fbd4985d7 100644
---- a/src/man/sssd-ad.5.xml
-+++ b/src/man/sssd-ad.5.xml
-@@ -477,9 +477,68 @@ DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,
- built-in Administrators group if no GPO rules
- apply to them.
- </para>
-+
- <para>
- Default: False
- </para>
-+
-+ <para>
-+ The following 2 tables should illustrate when a user
-+ is allowed or rejected based on the allow and deny
-+ login rights defined on the server-side and the
-+ setting of ad_gpo_implicit_deny.
-+ </para>
-+ <informaltable frame='all'>
-+ <tgroup cols='3'>
-+ <colspec colname='c1' align='center'/>
-+ <colspec colname='c2' align='center'/>
-+ <colspec colname='c3' align='center'/>
-+ <thead>
-+ <row><entry namest='c1' nameend='c3' align='center'>
-+ ad_gpo_implicit_deny = False (default)</entry></row>
-+ <row><entry>allow-rules</entry><entry>deny-rules</entry>
-+ <entry>results</entry></row>
-+ </thead>
-+ <tbody>
-+ <row><entry>missing</entry><entry>missing</entry>
-+ <entry><para>all users are allowed</para>
-+ </entry></row>
-+ <row><entry>missing</entry><entry>present</entry>
-+ <entry><para>only users not in deny-rules are
-+ allowed</para></entry></row>
-+ <row><entry>present</entry><entry>missing</entry>
-+ <entry><para>only users in allow-rules are
-+ allowed</para></entry></row>
-+ <row><entry>present</entry><entry>present</entry>
-+ <entry><para>only users in allow-rules and not in
-+ deny-rules are allowed</para></entry></row>
-+ </tbody></tgroup></informaltable>
-+
-+ <informaltable frame='all'>
-+ <tgroup cols='3'>
-+ <colspec colname='c1' align='center'/>
-+ <colspec colname='c2' align='center'/>
-+ <colspec colname='c3' align='center'/>
-+ <thead>
-+ <row><entry namest='c1' nameend='c3' align='center'>
-+ ad_gpo_implicit_deny = True</entry></row>
-+ <row><entry>allow-rules</entry><entry>deny-rules</entry>
-+ <entry>results</entry></row>
-+ </thead>
-+ <tbody>
-+ <row><entry>missing</entry><entry>missing</entry>
-+ <entry><para>no users are allowed</para>
-+ </entry></row>
-+ <row><entry>missing</entry><entry>present</entry>
-+ <entry><para>no users are allowed</para>
-+ </entry></row>
-+ <row><entry>present</entry><entry>missing</entry>
-+ <entry><para>only users in allow-rules are
-+ allowed</para></entry></row>
-+ <row><entry>present</entry><entry>present</entry>
-+ <entry><para>only users in allow-rules and not in
-+ deny-rules are allowed</para></entry></row>
-+ </tbody></tgroup></informaltable>
- </listitem>
- </varlistentry>
-
-diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
-index 2c6aa7fa6..0cf5da2a1 100644
---- a/src/providers/ad/ad_gpo.c
-+++ b/src/providers/ad/ad_gpo.c
-@@ -1531,6 +1531,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
- enum gpo_access_control_mode gpo_mode,
- enum gpo_map_type gpo_map_type,
- const char *user,
-+ bool gpo_implicit_deny,
- struct sss_domain_info *domain,
- char **allowed_sids,
- int allowed_size,
-@@ -1575,7 +1576,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
- group_sids[j]);
- }
-
-- if (allowed_size == 0) {
-+ if (allowed_size == 0 && !gpo_implicit_deny) {
- access_granted = true;
- } else {
- access_granted = check_rights(allowed_sids, allowed_size, user_sid,
-@@ -1694,6 +1695,7 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx,
- enum gpo_access_control_mode gpo_mode,
- enum gpo_map_type gpo_map_type,
- const char *user,
-+ bool gpo_implicit_deny,
- struct sss_domain_info *user_domain,
- struct sss_domain_info *host_domain)
- {
-@@ -1732,8 +1734,8 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx,
-
- /* perform access check with the final resultant allow_sids and deny_sids */
- ret = ad_gpo_access_check(mem_ctx, gpo_mode, gpo_map_type, user,
-- user_domain, allow_sids, allow_size, deny_sids,
-- deny_size);
-+ gpo_implicit_deny, user_domain,
-+ allow_sids, allow_size, deny_sids, deny_size);
-
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
-@@ -1918,6 +1920,7 @@ immediately:
- static errno_t
- process_offline_gpos(TALLOC_CTX *mem_ctx,
- const char *user,
-+ bool gpo_implicit_deny,
- enum gpo_access_control_mode gpo_mode,
- struct sss_domain_info *user_domain,
- struct sss_domain_info *host_domain,
-@@ -1930,6 +1933,7 @@ process_offline_gpos(TALLOC_CTX *mem_ctx,
- gpo_mode,
- gpo_map_type,
- user,
-+ gpo_implicit_deny,
- user_domain,
- host_domain);
- if (ret != EOK) {
-@@ -1976,6 +1980,7 @@ ad_gpo_connect_done(struct tevent_req *subreq)
- DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");
- ret = process_offline_gpos(state,
- state->user,
-+ state->gpo_implicit_deny,
- state->gpo_mode,
- state->user_domain,
- state->host_domain,
-@@ -2102,6 +2107,7 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
- DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");
- ret = process_offline_gpos(state,
- state->user,
-+ state->gpo_implicit_deny,
- state->gpo_mode,
- state->user_domain,
- state->host_domain,
-@@ -2766,6 +2772,7 @@ ad_gpo_cse_done(struct tevent_req *subreq)
- state->gpo_mode,
- state->gpo_map_type,
- state->user,
-+ state->gpo_implicit_deny,
- state->user_domain,
- state->host_domain);
- if (ret != EOK) {
---
-2.21.3
-
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index c74441a..ffb49b8 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -25,8 +25,8 @@
%endif
Name: sssd
-Version: 2.3.0
-Release: 9%{?dist}
+Version: 2.4.0
+Release: 2%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -34,50 +34,6 @@ URL: https://pagure.io/SSSD/sssd/
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
### Patches ###
-Patch0001: 0001-ad_gpo_ndr.c-more-ndr-updates.patch
-Patch0002: 0002-test-avoid-endian-issues-in-network-tests.patch
-Patch0003: 0003-sssctl-sssctl-config-check-alternative-config-file.patch
-Patch0004: 0004-DEBUG-only-open-child-process-log-files-when-require.patch
-Patch0005: 0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
-Patch0006: 0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
-Patch0007: 0007-util-inotify-fixed-CLANG_WARNING.patch
-Patch0008: 0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
-Patch0009: 0009-Replaced-enter-with-insert.patch
-Patch0010: 0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
-Patch0011: 0011-ipa-add-failover-to-subdomain-override-lookups.patch
-Patch0012: 0012-GPO-fix-link-order-in-a-SOM.patch
-Patch0013: 0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
-Patch0014: 0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
-Patch0015: 0015-sysdb-make-new_subdomain-public.patch
-Patch0016: 0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
-Patch0017: 0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
-Patch0018: 0018-ad-add-ad_check_domain_-send-recv.patch
-Patch0019: 0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
-Patch0020: 0020-man-Document-invalid-selinux-context-for-homedirs.patch
-Patch0021: 0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
-Patch0022: 0022-pam_sss-special-handling-for-gdm-smartcard.patch
-Patch0023: 0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
-Patch0024: 0024-systemtap-Missing-a-comma.patch
-Patch0025: 0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
-Patch0026: 0026-files-allow-root-membership.patch
-Patch0027: 0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
-Patch0028: 0028-mem-cache-sizes-of-free-and-data-tables-were-made-co.patch
-Patch0029: 0029-NSS-make-memcache-size-configurable.patch
-Patch0030: 0030-NSS-avoid-excessive-log-messages.patch
-Patch0031: 0031-NSS-enhanced-debug-during-mem-cache-initialization.patch
-Patch0032: 0032-mem-cache-added-log-message-in-case-cache-is-full.patch
-Patch0033: 0033-NSS-make-memcache-size-configurable-in-megabytes.patch
-Patch0034: 0034-mem-cache-comment-added.patch
-Patch0035: 0035-mem-cache-always-cleanup-old-content.patch
-Patch0036: 0036-TRANSLATIONS-updated-translations-to-include-new-sou.patch
-Patch0037: 0037-Updated-translation-files-Japanese-Chinese-China-Fre.patch
-Patch0038: 0038-sssctl-sssctl-config-check-alternative-snippet-dir.patch
-Patch0039: 0039-certmap-sanitize-LDAP-search-filter.patch
-Patch0040: 0040-AD-Enforcing-GPO-rule-restriction-on-user.patch
-Patch0041: 0041-man-clarify-AD-certificate-rule.patch
-Patch0042: 0042-config-allow-prompting-options-in-configuration.patch
-Patch0043: 0043-p11_child-switch-default-ocsp_dgst-to-sha1.patch
-Patch0044: 0044-GPO-respect-ad_gpo_implicit_deny-when-evaluation-rul.patch
### Downstream Patches ###
@@ -641,6 +597,7 @@ autoreconf -ivf
--enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
--disable-static \
--with-crypto=libcrypto \
+ --with-libwbclient \
--disable-rpath \
--with-initscript=systemd \
--with-syslog=journald \
@@ -1250,6 +1207,29 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so
%changelog
+* Thu Nov 12 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-2
+- This is to bump version to allow rebuild against rebased libldb.
+
+* Fri Oct 23 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-1
+- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4
+- Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI
+- Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search()
+- Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording
+- Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x
+- Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD.
+- Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process
+- Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL
+- Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase)
+- Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page
+- Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals"
+- Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains
+- Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file
+- Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes
+- Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level
+- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff
+- Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command
+- Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate
+
* Mon Sep 14 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-9
- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied